Music Lovers “Spotted” Downloading Malware Via Spotify


Users taking advantage of the free version of the Spotify music service have recently been the targets of those wishing to do harm using malicious advertising. Some users have complained that even when performing no action at all, ads on the site were launching their default web browsers. It is not known at this time what actions the ads do once the new popup is open, but that may just be because no one has figured it out yet.

Malicious ads can do a lot of damage. They can launch attacks such as hijack users’ traffic, install key loggers, or simply inject malware on to the computer; and no one has to click or open anything for these things to happen. That is why making sure your devices are updated with the latest operating system versions and patches is so important. If these attacks are taking advantage of a known issue, having the patches applied will prevent them from hitting you.

In addition, install anti-malware products on all devices that connect to the Internet. This includes all mobile devices. Mobile malware infections are on the rise and because of the increase in use of these to do financial transactions and access accounts that store sensitive information, they are not expected to decline any time soon.

Spotify has taken action and is blocking the suspect ads. If you use the free service and notice a black bar on the web page, that is possibly one such ad. However, because of the ease of getting malware into those ads, Spotify likely has not found them all. So update your computers and devices and make sure your anti-malware products are all updated and running.

This is not the first time Spotify has been in the cyber security news. In 2014, it was the victim of a data breach that the company believed was a “proof of concept” attack intended as a test for a larger attempt. Earlier this year, the company blamed password reuse for strange activity some users were complaining about with their accounts and forced Android users to change passwords. It also isn’t the only music service under attack. Pandora also experienced a security incident, as did and more recently, found data of its customers from 2012 for sale on the Dark Web.

© Copyright 2016 Stickley on Security

Make Sure Every Dollar You Give to Charity Counts


Deciding to make a charitable contribution can arise from a desire to help others, a passionate commitment to a cause or the aim to give back to a group that once helped you or a loved one. Choosing which organizations you want to support can be difficult. There are over a million public charities in the United States according to the National Center for Charitable Statistics, and every dollar you give to Charity A is a dollar you might not be able to match for Charity B.

Whether it’s a friend’s charity run or supporting an animal rescue, often the decision to give comes down to a mix of internal and external factors. You have to determine which causes are most important to you, and with outside help you can compare how effective various charities are at using their funding.

Many non-profits do incredible work, but it’s always smart to verify their claims. You can start your due diligence by double checking an organization’s tax-exempt status using the Internal Revenue Service’s (IRS) Exempt Organizations Select Check Tool. Once you verify its non-profit status, you want to make sure it’s well run and makes a significant impact. There are several non-profits that evaluate and rate charities. You can find their guidance online and use it compare charities and inform your gifting.

Sometimes a specific event rather than a general cause can spur you into action. When this happens, if you want to be sure that your money goes to support that particular cause you might want to narrow your search to charities that let you specify how your donation will be used. Otherwise, your money might not directly support those affected by the crisis.

Donating to a non-profit with effective programs and processes is the way to go if you’re trying to help as many people as possible, but you can also make contributions to individuals or families through a crowd-funding website. There’s something special about knowing exactly who and how you’re helping, and they’ll appreciate the aid from a stranger. Similarly, you can help entrepreneurs by making a microfinance loan through a non-profit. You can relend the money you’re paid back to continue supporting small businesses.

If you’re looking for ways to increase your contribution, ask your employer if it has a matching program. Some companies will double, or even triple, your gift to select nonprofits. If your company doesn’t offer such a program, you could speak to your human resources department or boss about establishing one.

Third-parties also fund matching campaigns for charities. You can ask a charity if there’s a campaign running and make sure your donation qualifies. Unless there’s a pressing reason to make a donation today, you may want to put your money aside and wait until a matching campaign starts.

You might be able to increase your financial impact without outside help if you can claim a tax deduction for your donation. Calculate your tax savings each year and put the money back into your charity fund. Donated-related deductions can sometimes be confusing, and you may want to check with a tax professional or look online for tips from the IRS.

Your charitable gift could be the start of a legacy of giving among your family. By making donations a regular event during your children’s formative years, you’re establishing charitable giving as a family value that they can take into their adult lives. To engage children, make a donation to support a child’s favorite cause and show them how the money makes a difference. For example, you could follow up a donation to a non-profit animal rescue with a visit to the shelter to see how the money helps the staff take care of the animals.

Bottom line. Making a donation is one way to support a cause you believe in and ensure your gift has a meaningful impact. You can do this by having money available when it’s needed, donating to worthwhile charities, looking for ways to increase your financial impact and passing on a legacy of giving.

By Nathaniel Sillin

The New Estate Tax Rules and Your Estate Plan


The Tax Relief, Unemployment Insurance Reauthorization, and Job Creation Act of 2010 (the 2010 Tax Act) included new gift, estate, and generation-skipping transfer (GST) tax provisions. The 2010 Tax Act provided that in 2011 and 2012, the gift and estate tax exemption was $5 million (indexed for inflation in 2012), the GST tax exemption was also $5 million (indexed for inflation in 2012), and the maximum rate for both taxes was 35%. New to estate tax law was gift and estate tax exemption portability: generally, any gift and estate tax exemption left unused by a deceased spouse could be transferred to the surviving spouse in 2011 and 2012. The GST tax exemption, however, is not portable. Starting in 2013, the American Taxpayer Relief Act of 2012 (the 2012 Tax Act) permanently extended the $5 million (as indexed for inflation, and thus $5,450,000 in 2016, $5,430,000 in 2015) exemptions and portability of the gift and estate tax exemption, but also increased the top gift, estate, and GST tax rate to 40%. You should understand how these new rules may affect your estate plan.

Exemption Portability

Under prior law, the gift and estate tax exemption was effectively “use it or lose it.” In order to fully utilize their respective exemptions, married couples often implemented a bypass plan: they divided assets between a marital trust and a credit shelter, or bypass, trust (this is often referred to as an A/B trust plan). Under the 2010 and 2012 Tax Acts, the estate of a deceased spouse can transfer to the surviving spouse any portion of the exemption it does not use (this portion is referred to as the deceased spousal unused exclusion amount, or DSUEA). The surviving spouse’s exemption, then, is increased by the DSUEA, which the surviving spouse can use for lifetime gifts or transfers at death.

Example: At the time of Henry’s death in 2011, he had made $1 million in taxable gifts and had an estate of $2 million. The DSUEA available to his surviving spouse, Linda, is $2 million ($5 million – ($1 million + $2 million)). This $2 million can be added to Linda’s own exemption for a total of $7,450,000 ($5,450,000 + $2 million), assuming Linda dies in 2016.

The portability of the exemption coupled with an increase in the exemption amount to $5,450,000 per taxpayer allows a married couple to pass on up to $10,900,000 gift and estate tax free in 2016. Though this seems to negate the usefulness of A/B trust planning, there are still many reasons to consider using A/B trusts.

• The assets of the surviving spouse, including those inherited from the deceased spouse, may appreciate in value at a rate greater than the rate at which the exemption amount increases. This may cause assets in the surviving spouse’s estate to exceed that spouse’s available exemption. On the other hand, appreciation of assets placed in a credit shelter trust will avoid estate tax at the death of the surviving spouse.

• The distribution of assets placed in the credit shelter trust can be controlled. Since the trust is irrevocable, your plan of distribution to particular beneficiaries cannot be altered by your surviving spouse. Leaving your entire estate directly to your surviving spouse would leave the ultimate distribution of those assets to his or her discretion.

• A credit shelter trust may also protect trust assets from the claims of any creditors of your surviving spouse and the trust beneficiaries. You can also include a spendthrift provision to limit your surviving spouse’s access to trust assets, thus preserving their value for the trust beneficiaries.

A/B Trust Plans With Formula Clauses

If you currently have an A/B trust plan, it may no longer carry out your intended wishes because of the increased exemption amount. Many of these plans use a formula clause that transfers to the credit shelter trust an amount equal to the most that can pass free from estate tax, with the remainder passing to the marital trust for the benefit of the spouse. For example, say a spouse died in 2003 with an estate worth $5,450,000 and an estate tax exemption of $1 million. The full exemption amount, or $1 million, would have been transferred to the credit shelter trust and $4,450,000 would have passed to the marital trust. Under the same facts in 2016, since the exemption has increased, the entire $5,450,000 estate will transfer to the credit shelter trust, to which the surviving spouse may have little or no access. Review your estate plan carefully with an estate planning professional to be sure your intentions will be carried out under the new laws.

Wealth Transfer Strategies Through Gifting

Because of the larger exemptions and lower tax rates, there may be unprecedented opportunities for gifting. By making gifts up to the exemption amount, you can significantly reduce the value of your estate without incurring gift tax. In addition, any future appreciation on the gifted assets will escape taxation. Assets with the most potential to increase in value, such as real estate (e.g., a vacation home), expensive art, furniture, jewelry, and closely held business interests, offer the best tax savings opportunity.

Gifting may be done in several different forms. These include direct gifts to individuals, gifts made in trust (e.g., grantor retained annuity trusts and qualified personal residence trusts), and intra-family loans. Currently, you can also employ techniques that leverage the high exemptions to potentially provide an even greater tax benefit (for example, creating a family limited partnership may also provide valuation discounts for tax purposes).

For high-net-worth married couples, gifting to an irrevocable life insurance trust (ILIT) designed as a dynasty trust can reduce estate size while providing a substantial gift for multiple generations (depending on how long a trust can last under the laws of your particular state). The value of the gift may be increased (leveraged) by the purchase of second-to-die life insurance within the trust. Further, the larger exemptions enable you to increase, gift tax free, the premiums paid for life insurance policies that are owned by the ILIT or other family members. Premium payments on such policies are taxable gifts, so these premium payments are often limited to avoid incurring gift tax. This in turn restricts the amount of life insurance that can be purchased. But the increased exemptions provide the opportunity to make significantly greater gifts of premium payments, which can be used to buy a larger life insurance policy.

Before implementing a gifting plan, however, there are a few issues you should consider.

• Can you afford to make the gift in the first place (you may need those assets and the related cash flow in the future)?

• Do you anticipate that your estate will be subject to estate taxes at your death?

• Is minimizing estate taxes more important to you than retaining control over the asset?

• Do you have concerns about gifting large amounts to your heirs (i.e., is the recipient competent to manage the asset)?

• Does the transfer tax savings outweigh the potential capital gains tax the recipient may incur if the asset is later sold? The recipient of the gift gets a carryover basis (i.e., your tax basis) for income tax purposes. On the other hand, property left to an individual as a result of death will generally receive a step-up in cost basis to fair market value at date of death, resulting in potentially less income tax to pay when such an asset is ultimately sold.

Caution: The amount of gift tax exemption you used in the past will reduce the $5,450,000 available to you in 2016. For example, a person who used $1 million of his or her exemption in 2012, will be able to make additional gifts totaling $4,450,000 during 2016 free from gift tax.

Tip: In addition to this opportunity to transfer a significant amount of wealth tax free, it’s important to remember that you can still take advantage of the $14,000 per person per year annual gift tax exclusion for 2015 and 2016. Also, gifts of tuition payments and payment of medical expenses (if paid directly to the institutions) are still tax free and can be made at any time.


* Non-deposit investment products and services are offered through CUSO Financial Services, L.P. (“CFS”), a registered broker-dealer (Member FINRA/SIPC) and SEC Registered Investment Advisor. Products offered through CFS: are not NCUA/NCUSIF or otherwise federally insured, are not guarantees or obligations of the credit union, and may involve investment risk including possible loss of principal. Investment Representatives are registered through CFS. NASA Federal Credit Union has contracted with CFS to make non-deposit investment products and services available to credit union members.

CUSO Financial Services, L.P. and its representatives do not provide tax advice. For such advice, please contact a tax professional.

Authorities Warn Not to Insert Found USB Drives Into Your Computers

USB thumb drive with hand holding on keyboard background

Those little data storage devices called USB or flash drives can really wreak a lot of havoc. They come in all shapes and sizes, different colors, and some even light up when they are inserted into a computer. They are also very intriguing when found lying around and that’s not good. In fact, these little devices have been found to harbor all kinds of malware that gets downloaded to the computers into which they are inserted and often, the user is none-the-wiser.

The police in the Australian State of Victoria recently warned the locals that malware-laden USB drives were being left in their mailboxes. They were found to install fraudulent media streaming service offers and do other harms.

The advice to thwart this type of attack is to never insert one of these devices into your computers unless you know specifically what is on it or that you put it there yourself. Never plug one in that you just find unexpectedly or lying around. If you suspect it may belong to someone you know or have information you need or want, take it to your IT department or a technical support professional and let them find out what it stores. They often have computers available for scanning such items so that malware is not unleashed onto the network or your computer.

Just because the above incident happened in Australia, it doesn’t mean it can’t or doesn’t happen anywhere. In fact, a security researcher demonstrated the dangers of inserting a random USB drive at the 2016 Black Hat Conference. She left nearly 300 of the little drives in various locations around the campus of the University of Illinois Urbana-Champaign just to see what would happen. The result was that almost half of those who found the drives actually inserted them into a computer and tried to open the file that was stored on it.

Jim Stickley of Stickley on Security was able to use a USB drive to download a file onto a locked Windows 10 computer in less than a minute. He did it as a demonstration to show how fast malware can get onto your computer. A criminal may not have those good intentions.

In yet another case, someone working for the Dutch chemical company DSM found an USB drive in the company parking lot.  That person did the right thing and took it to IT department where it was found to be a cyber espionage attempt. It included a keylogger that could steal user names and passwords. It then sent that information off to an external location.

© Copyright 2016 Stickley on Security

FBI Warns That New Types of Mobile Banking Malware Are On the Rise

Male Caucasian industry professional pressing MOBILE SECURITY on an interactive touch screen with virtual forensics tool icons. Cyber concept for mobile phone security. Solid stone wall background.

Malware making its way onto mobile devices is not a new concept. However, it is on the upswing as mobile banking becomes more popular. Cyberthieves are now using new ways to hack their way into bank accounts on mobile devices and this tactic is not likely to go away any time soon. That’s because it’s working.

The FBI is warning that new types of malware that are specifically designed to target banking applications on mobile devices are increasing. Most of the time they are aimed at larger financial institutions, but not exclusively. In fact, a banking-fraud-solutions manager at SAS estimated that the malware called Acecard has customized overlays for 50 financial services applications.

An overlay is a façade of sorts that sits on top of the interface to an actual application. It looks similar enough that it’s often difficult to tell if it’s real or fake. These catch out consumers more often than we’d like to think and if they are successful, malware can get downloaded to the device without the user having any idea. Once the credentials are captured by the thieves, they make their way back to the criminals remotely. They are then used or sold on the Dark Web for around $1 apiece. The malware to do this costs about $15,000. However, the payoff to criminals can be far more.

One sign that malware has managed to make its way onto your mobile devices if it asks for any additional personally identifying information, such as a social security number or birthdate.  If yours does, it’s not legitimate and you should not continue entering your login credentials.

The FBI believes that the reason this type of malware is gaining ground is because people often fail to install anti-malware on their phones and tablets. This leaves them vulnerable to additional attacks. Therefore, be sure to install this on your devices. Do some research on the available options for your products and get the right one for your device. Make sure to read the reviews and that it’s from a reputable company.

In addition, any application that you install should come from the official app store for your device. The malware affects both Android and iOS devices. Sideloading, or getting them from locations other than the app stores adds additional risk. Those are not usually put through as much security scrutiny and therefore may not be as safe to download. The FBI identified this as a problem as well.

If your financial institution offers multi-factor authentication before allowing access to your account, take advantage of it. While some malware has been known to thwart this additional security step, it is still better to take the time to do it. This could mean entering an access code that is sent via text, but could also entail entering a randomly generated code from a key fob that the institution can provide to you.

These crimes can be difficult to track. Those who fall victim may not even know it’s happened until long after the damage has been done. So, don’t underestimate how vulnerable your phone can be. Just because it hasn’t left your side, doesn’t mean someone hasn’t been inside it.

© Copyright 2016 Stickley on Security

Graduated and On Your Own: Now What?


Fall is here and school is back in session but for many graduates, it’s out for good. If you’re a recent high school or college graduate, this might be the first time you’re on your own. Living away from home and paying for your own housing, food and other necessities can be a tough adjustment. But being on your own for the first time is a new and exciting experience and it offers a perfect opportunity to set yourself up for success.

Make sure you have the right bank account for you. A lot may have changed since you opened your account, so consider changing your account to find the best one for your needs. If you are still sharing a bank account with your parents, consider opening your own. Opening an account can be simple and it’s possible to do so online or over the phone – but you’ll need a minimum deposit amount and documentation like your Social Security Number. For helpful tips, see the Consumer Financial Protection Bureau’s (CFPB) guide on opening a checking account.

Live within your means. As you begin your career it’s essential to have reliable income and use it responsibly. A good budgeting guideline to start with is the 50/20/30 rule. Allot 50 percent of your income to necessary costs like housing, 20 percent to financial goals like repaying student loans and 30 percent to spending money. Remember that this is a rule of thumb and you can adjust it to fit your needs. Never spend more than you have, and always pay your bills on time.

Figure out taxes. The most important thing to know about taxes is that you must pay them on time or request a six month extension. If you’ve missed the deadline, don’t ignore the Internal Revenue Service (IRS) – follow their guidelines for repayment. There are multiple ways to pay your taxes and you can download the IRS2Go mobile app to make payments. Check with your parents before filing: if they claim you as a dependent, you won’t be able to claim tax exemptions. Finally, check if you qualify for special exemptions like a student loan deduction.

Take charge of your student loans. First, confirm your loan status at the official Federal Student Aid website where you can also explore your payment options and estimate how long it will take to repay your loans. Always make the minimum payments on time, and if you’re having trouble paying off your loans, don’t ignore them. Contact your lender, explain your situation and pay as much as you can immediately while prioritizing paying off the rest.

Check up on your healthcare. Under the Affordable Care Act, you can stay on your parents’ plan until you’re 26. If you aren’t currently on your parents’ plan or wish to leave their plan, you have several options to explore. Under federal law, if you’re not covered by health insurance you must pay a fee on your next federal tax return. You can explore the different levels of coverage available and estimate how much a plan will cost you at, the federal healthcare website.

Get ready for retirement – yes, really. The younger you start saving, the more valuable your savings are. According to this Bankrate example, starting your savings at age 25 at $2,000 a year will yield a retirement account of $560,000 (assuming your earnings grow at 8 percent every year). But starting10 years later at age 35 will yield just $245,000 at retirement – less than half the money you’d have if you started saving ten years earlier. The earlier you start saving, the more money you’ll end up with – and if you take advantage of an employer-matched 401(k) fund, you can put away extra money for free.

Charge up your credit score. Building up credit as a young adult is important for big purchases down the road. Buying a house or purchasing a car are often significantly harder without a good credit score. It’s smart to start building good credit while your expenses are relatively small. For more information, the CFPB has a database of frequently asked questions with everything you need to know about credit cards and credit scores.

Bottom line: Though the transition from student to independent adult may feel overwhelming, you can take this opportunity to get your finances organized and prepare for working life. Building a strong financial foundation early on will help you worry less about your money and allow you to fully enjoy other new aspects of your life after college.

By Nathaniel Sillin