Archive - Phishing RSS Feed

5 Tips To Avoid Tax Scammers in 2013

scamTax time us upon us once again, and the tax scammers are out in force!

This is certainly the season to be on the lookout for scams and schemes which offer to help you reduce or eliminate your tax debt.

Many consumers are unaware that the IRS has a division called the Taxpayer Advocate Service. This is a division within the IRS that is designed to assist consumers who have trouble getting certain tax issues resolved with the IRS. One of the tough issues that could complicate your relationship with the IRS is tax-fraud.

Tax related identity theft places an unusual burden on both the taxpayer and the IRS:

According to the IRS’s Taxpayer Advocate Service:

“Resource constraints also are limiting the IRS’s ability to assist victims of tax-related identity theft. Tax-related identity theft typically arises when an identity thief uses the Social Security number of another person to file a false tax return with the intent of obtaining an improper refund. Identity theft can impose a significant burden on its victims, whose legitimate refund claims are blocked and who often must spend months or longer trying to convince the IRS that they are, in fact, victims and then working with the IRS to untangle their account problems.”

Here are 5 scams to watch out for this tax season. Continue Reading…

5 Tips To Avoid New IRS Tax Scams

Today I actually received what SEEMS to be good news via email  from the IRS.

After reading the subject line, the sender line and the smooth-talk line, I decided that today was NOT a good day to go “phishing”.

According to the sender, I’m entitled to an easy tax refund,  if I’ll just click on an attachment. (Hint: “NEIN! NYET! NOPE!”)

I received the following email today and want to point out several reminders for you when
opening email that requests your NPPI (Non-Public, Personal Information). Continue Reading…

5 Twitter Hack-Prevention Tips for 2012

Twitter now claims to have 50 million active users every single day!

Recently, a colleague complained that his Twitter account had been hacked not once, but twice in the past month!

There is really no reason for anyone to be that vulnerable to attack.

With 2012 upon us and the explosive growth of Twitter, I think the New Year is an excellent time for a review of easy, effective Twitter privacy practices.

5 easy (and tweetable) tips for better privacy protection.

1. Use a strong password that is at least 8 characters long and includes both numbers and symbols. [tweet this]

To avoid the simplest intrusions, make sure your password is not a word that appears in the dictionary. So called computerized “dictionary attacks” are easily capable of targeting and exploiting those words literally within a few seconds. For a great article on password tips and advice, check out this informative article from the folks at Google.


2. Make sure that is in the address bar whenever you log into your account. [tweet this]

Bogus sites, malware, spyware and viruses are often disguised as common links. Be cautious about clicking on any links in Twitter messages you read or receive, especially from people you don’t personally know and trust.

Hint: Any words that may appear between the word twitter and the are indicators that you are not connecting to Twitter!
(example – Not so subtle now, is it?


3. Revoke all access for any suspicious, unrecognized or untrusted third-party Twitter applications. [tweet this]

Just go to “Connections” under the “Account Settings” menu and click “Revoke Access.”

Trusted apps should include only ubiquitous, reliable and trustworthy providers such as Facebook, TweetDeck and Hootsuite etc. Programs and applications built by 3rd party developers can be easy and convenient, but should be used with great care. A recent article in PC World magazine reported that Twitter may have solved this problem by rendering all 3rd party apps obsolete, thanks to their newly re-designed iPhone and Android apps.


4. Stay updated with the latest patches and updates against spyware, viruses and adware. [tweet this]

Keep all your computers, smartphones, tablets, and browsers continuously safeguarded with the latest patches and updates against malicious or harmful software. If you are not getting these updates DAILY (while you sleep) you are vulnerable.


5. Twitter will never email request personal info. If you receive such a request, its the boogeyman! [tweet this]

According to Twitter’s blog:

If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we’ll email you a link to where you can reset your password. Again, this link will always be on the website, and we will never ask you to email us your old password.


Twitter says their goal is “increased security and a better experience.” The folks at Twitter may have taken a page right out of the TSA’s manual for handling airline passengers.

Fly little Twitter birdie, fly!

What Twitter safety practices could you share? Leave a comment!

[Don’t forget to follow me on Twitter for frequent privacy tips!]

Who Can You Trust In A Digital World?

Who do you trust to guard your treasure?

Whether we realize it or not, we make personal trust decisions every day. Our choices can and often do come back to bite us in the….. pocketbook.

We don’t always stop to acknowledge that the choices we make and the partners we choose are often really just surrogate security guards who we assume or presume will keep a close watch over our personal financial backside.

Remember the days when you could fall asleep at night without worrying whether the doors were all locked? Chances are, the older we are, the more we long for those days when our stuff was safe sitting on a park bench while we fed the ducks. Those days are gone.

I’ve been overwhelmed lately with the growing realization that I am totally dependent upon others for the safety and security of most of my material possessions. I suppose that’s why my prayer life improved as my family grew. I began to realize that I really don’t have eyes in the back of my head. Continue Reading…

Is Your Smartphone Safe From Hackers?

With the recent phone-hacking crisis at News Corporation and the emotional testimony of the company’s top executives including Chairman Rupert Murdoch, now might be a good time to do what you can to secure your own cellphone whether it is a  smartphone or not.

Analysts at Gartner estimate that one in six people now own or have access to a smart phone. The importance of protecting and maintaining the integrity and privacy of both your personal and business data cannot be overstated. Once it’s gone, your data takes on a new life of its own on the worldwide underground  black market.

The variety of ways we engage with and consume online entertainment and information has changed in just the past two years, thanks to the demand for and availability of a torrent of on-demand mobile content.

While  the good guys work to develop new feature-rich applications for us to consume, the bad guys are just as busy trying to gain access for a number of reasons:   Continue Reading…

Global Spear-Phishing: A New Threat

While Charlie Sheen maniacally pronounces his  self induced “winning” status to a saddened, bewildered and exhausted fan base, another  growing menace actually seems poised for “winning”.

Consumers got a wake up call on two fronts with the disclosure of the massive Epsilon Interactive data breach last week.

Our  first wake up call stems from the sheer length of the  list of companies who utilize Epsilon’s email  service to reach their customers.

The second wake up call is the reality that so many trusted brands outsource our names and email addresses to a third party  email service provider (ESP)  who has now been exposed as functionally incapable of protecting the  private personal data that was entrusted to them.

The truth is that there is nothing you or I can do to prevent these leaks when the repository for our data is in the hands of other people.

According to the consumer advocacy group Cauce, the following  financial institutions were affected by the breach: Continue Reading…

The New Face of Phishing

In the past six months,  a dangerous new threat has emerged in the world of internet phishing. Many of us have often laughed at the crude and poorly crafted phishing explorations that often invade our in-box.

Lest any of us fall asleep at the wheel thinking we are already hip to the rather primitive  phishing tactics of the past, this one could easily  catch you in it’s insidious hooks if you don’t read on.

Known as “tabnapping”, this ploy is designed to psych you out with a behind-the-back switcheroo that literally kidnaps  open tabs and catches most savvy observers by surprise. Using an almost invisible layer of embedded JavaScript, here’s how it works.

Brian Krebs explains:

” As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.”

In as little as five seconds, a tabbed page silently and almost invisibly changes to a seemingly familiar page (including the cute little “favicon” in the address bar) which requires you to re-enter your log-in credentials. As soon as you enter your private details,  both you and your personal information  have literally been “had”.

The best defense against this tricky new tactic is to take a time-out. What that means is whenever a site you visit “times-out” , you should take some time-out of your browsing frenzy to open a new tab and re-enter the desired URL yourself.

Most browsers including Safari, Chrome,  Firefox and Internet Explorer claim to be on the lookout for you by blocking tabnapping attack code. Researchers and hackers have both been able to sidestep many of the current blocking protections,  leaving most browsers vulnerable.

Safety dictates that you don’t log in on any tab that you  have not opened yourself. Get into the habit of opening fresh tabs whenever you enter a user-name or password.

If you forget to refresh previously opened and familiar log in pages, one day soon you could literally open up a fresh can of worms.