Category Archives: cybercriminals

Gaming Industry An Attractive Target For Cybercriminals

The gaming industry is generally aware that login attempts with stolen credentials and other forms of credential abuse are a problem, but perhaps not as aware as it should be.

According to a new Akamai report, attackers are using new methods to evade detection, and many organizations do not grasp the scope and complexity of the credential abuse problem.

Akamai's 2019 State of the Internet / Security report on web attacks and gaming abuse, published at the company's annual Edge World event, found that attackers launched more than 12 billion credential stuffing attacks against gaming sites between November 2017 and March 2019, making the gaming community one of the fastest-rising targets for these attacks and one of the most lucrative for cybercriminals.

Across all sectors, Akamai recorded 55 billion credential stuffing attacks during the investigation period; the 12 billion aimed at gaming sites make gaming one of the most heavily targeted sectors.

“One reason that we believe the gaming industry is an attractive target for hackers is that criminals can easily exchange in-game items for profit,” said Martin McKeay, security researcher for Akamai and editorial director of the report. “Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.”

The Akamai report also pointed out that SQL injection (SQLi) accounted for about two-thirds of all web application attacks, while Local File Inclusion (LFI) accounted for about a quarter.

The report notes that most credential stuffing lists circulating online are built from well-known large-scale data breaches, many of which were themselves the result of SQLi.

An Akamai press release says its researchers found a video explaining to viewers how to perform SQLi attacks against websites and how to use the credentials obtained to build lists for credential stuffing against online games.

“As gaming companies continue to innovate and improve their defenses, they must also continue to educate their consumers on how to protect themselves and defend themselves. Many players are young and if they learn best practices to protect their accounts, they will incorporate them for the rest of their lives,” McKeay said.

The Akamai report shows that more than two-thirds of application-layer attacks were directed at US-based organizations, and that Russia and Canada were the No. 1 and No. 2 sources of attacks against the gaming sector. “Attackers see the credential abuse as a low-risk venture with a potential for a high payout, at least for now,” Akamai’s report reads.

The report notes that attackers place more value on compromised accounts linked to a valid credit card or other payment source. Once such an account is taken over, they use it to buy additional items, including in-game currency.

Attacks of this kind are likely to increase. As with many other types of attack, the important thing is to recognise that they are happening so that you can find ways to defend your business against them.
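Recognising that credential stuffing is happening starts with the login logs. The following detector is an added example, not code from Akamai or from the original post: it parses a constructed, simplified login log (the format, the IP addresses and the thresholds are all assumptions) and flags two patterns, a single source cycling through many usernames with a high failure rate, and a single username being tried from many sources.

```python
"""Credential stuffing detector run over constructed login-log lines.

Credential stuffing replays leaked username/password pairs, so its signature
is many distinct usernames, mostly failing, from one source in a short window,
or one username being tried from many sources. Added example; the log format
and the thresholds are assumptions, not Akamai's detection logic.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Constructed sample lines: <ISO timestamp> <client IP> POST /login user=<name> status=<code>
SAMPLE_LOG = """\
2019-06-01T10:00:00 203.0.113.7 POST /login user=alice status=401
2019-06-01T10:00:01 203.0.113.7 POST /login user=bob status=401
2019-06-01T10:00:02 203.0.113.7 POST /login user=carol status=401
2019-06-01T10:00:03 203.0.113.7 POST /login user=dave status=200
2019-06-01T10:00:04 203.0.113.7 POST /login user=erin status=401
2019-06-01T10:00:05 203.0.113.7 POST /login user=frank status=401
2019-06-01T10:00:06 203.0.113.7 POST /login user=grace status=401
2019-06-01T10:00:07 203.0.113.7 POST /login user=heidi status=401
2019-06-01T10:00:08 203.0.113.7 POST /login user=ivan status=401
2019-06-01T10:00:09 203.0.113.7 POST /login user=judy status=401
2019-06-01T10:00:10 203.0.113.7 POST /login user=mallory status=401
2019-06-01T10:00:11 203.0.113.7 POST /login user=oscar status=401
2019-06-01T10:00:30 198.51.100.5 POST /login user=peggy status=401
2019-06-01T10:00:35 198.51.100.5 POST /login user=peggy status=200
2019-06-01T10:01:00 192.0.2.1 POST /login user=trent status=401
2019-06-01T10:01:02 192.0.2.2 POST /login user=trent status=401
2019-06-01T10:01:04 192.0.2.3 POST /login user=trent status=401
2019-06-01T10:01:06 192.0.2.4 POST /login user=trent status=401
"""

LINE_RE = re.compile(r"^(\S+) (\S+) POST /login user=(\S+) status=(\d+)$")


class Event(NamedTuple):
    ts: datetime
    ip: str
    user: str
    status: int


def parse_log(text: str) -> List[Event]:
    """Parse the simplified log format; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, status = m.groups()
            events.append(Event(datetime.fromisoformat(ts), ip, user, int(status)))
    return events


def detect_stuffing_by_ip(events: List[Event], window=timedelta(seconds=60),
                          min_users=10, min_fail_rate=0.8) -> Dict[str, dict]:
    """Flag a source IP the first time a sliding window of its login attempts
    holds >= min_users distinct usernames with a failure rate >= min_fail_rate."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda ev: ev.ts)
        users, fails, start = Counter(), 0, 0
        for end, e in enumerate(evs):
            users[e.user] += 1
            fails += e.status != 200
            # evict attempts that fell out of the window
            while evs[start].ts < e.ts - window:
                old = evs[start]
                users[old.user] -= 1
                if users[old.user] == 0:
                    del users[old.user]
                fails -= old.status != 200
                start += 1
            attempts = end - start + 1
            fail_rate = fails / attempts
            if len(users) >= min_users and fail_rate >= min_fail_rate:
                findings[ip] = {"distinct_users": len(users), "attempts": attempts,
                                "fail_rate": fail_rate, "first_seen": evs[start].ts,
                                "flagged_at": e.ts}
                break
    return findings


def detect_distributed(events: List[Event], min_ips=3) -> Dict[str, int]:
    """Flag usernames whose failed logins arrive from >= min_ips distinct IPs
    (stuffing spread over a botnet to stay under per-IP rate limits)."""
    ips_per_user = defaultdict(set)
    for e in events:
        if e.status != 200:
            ips_per_user[e.user].add(e.ip)
    return {u: len(ips) for u, ips in ips_per_user.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, f in detect_stuffing_by_ip(evs).items():
        print(f"stuffing from {ip}: {f['distinct_users']} users, fail rate {f['fail_rate']:.0%}")
    for user, n in detect_distributed(evs).items():
        print(f"distributed stuffing against {user!r} from {n} IPs")
```

On the sample, 203.0.113.7 is flagged on its tenth attempt (ten usernames, nine failures) even though one login succeeded, which is exactly the account a defender needs to reset; the legitimate user who mistyped a password once is not flagged, and "trent" is flagged because four different addresses failed against the same account. The window and thresholds are tuning knobs; the two detectors complement each other because attackers who notice per-IP limits spread the same list across a botnet.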


The gaming community is a rising target for credential stuffing attacks

Hackers have targeted the gaming industry with 12 billion credential stuffing attacks against gaming websites within the 17-month period analyzed by Akamai (November 2017 – March 2019). This puts the gaming community among the fastest-rising targets for credential stuffing attacks and one of the most lucrative targets for criminals looking to make a quick profit. During the same period, Akamai saw a total of 55 billion credential stuffing attacks across all industries. … More

The post The gaming community is a rising target for credential stuffing attacks appeared first on Help Net Security.

Telegram Recovers from DDoS Attack

Telegram Messenger, which recently suffered a DDoS (Distributed Denial of Service) attack, has reportedly recovered, and its service now appears to be stable.

A ZDNet report, dated June 13, 2019, says, “Telegram Messenger has recovered from a distributed denial of service (DDoS) attack that hit its platform on Wednesday, telling its 200 million-plus users that for the moment, things seem to have stabilised.”

On June 12, Telegram had intimated users via Twitter about the DDoS attack. The Tweet said, “We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues.”

Telegram even explained, in a rather funny and interesting manner, to users as to how DDoS attacks work- “A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper… The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”

Users were also told how cybercriminals use botnets to make a DDoS attack resemble a “zombie apocalypse”, and that the attack was only about overloading the servers and did not affect data security.
Eventually, Telegram told users that everything was OK and that things seemed to have stabilised.

The timing of the DDoS attack, coinciding with the Hong Kong extradition-bill protests organised on the platform, has been pointed out, and there are indications that the attack was launched mostly from China. Telegram founder and CEO Pavel Durov tweeted, “IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.”

Massive protests are under way in Hong Kong against the government’s plan to pass a bill that would allow extraditions to mainland China. The protests have largely been organised on Telegram, Facebook, Twitter and messaging apps such as WhatsApp and Signal. The South China Morning Post reported that protesters were using encrypted messaging apps to organise themselves, share intelligence and avoid police detection, and that a Telegram group administrator was arrested on suspicion of conspiracy to commit public nuisance.

Telegram has played a key role in organising the protests because it supports groups of up to 200,000 members and channels that broadcast to unlimited audiences. It is also seen as a secure way to communicate and sidestep China’s strict surveillance regime because it can encrypt messages. The South China Morning Post points out that although news about the protests is shared over Facebook and Twitter, much of the sensitive information sharing and coordination is done over Telegram and Signal, and that the public has become more privacy-conscious since the Facebook/Cambridge Analytica data scandal and the rapid development of big data and surveillance technology on the mainland.

The South China Morning Post quotes Lokman Tsui, a professor at Chinese University researching media and technology, as saying, “People are smarter around technology now. They are using tech in a way that doesn’t give you away.” The report adds that according to Professor Lokman Tsui, some apps, including Telegram, are not safe as protestors assume them to be. He points out that messages over Telegram are not encrypted by default and that most people don’t know that they have to actually turn on the encryption feature.


Code signing keys and certificates are crucial security assets, are you protecting them?

Only 28 percent of organizations consistently enforce a defined security process for code signing certificates, a Venafi study of over 320 security professionals in the U.S., Canada and Europe reveals. “When the code signing keys and certificates that serve as machine identities fall into the hands of attackers, they can inflict enormous damage,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Secure code signing processes enable apps, updates, and open … More

The post Code signing keys and certificates are crucial security assets, are you protecting them? appeared first on Help Net Security.

Microsoft Warns Users About Ongoing Email Spam Campaign

Microsoft has warned users about an ongoing email spam campaign that exploits an Office vulnerability and appears to target European users. The malware is reportedly spread through malicious RTF documents attached to emails.

ZDNet reports, “Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents.”

The spam emails appear to target European users as they are sent in different European languages.

When the attached RTF document is opened, it runs several scripts of different types, such as PowerShell, PHP and VBScript, to download the final payload, a backdoor trojan.

By the time Microsoft issued its alert, however, the trojan’s command-and-control (C&C) server appears to have gone down. The ZDNet report, dated June 9, 2019, says, “Fortunately, the trojan’s command and control server appears to have gone down by Friday, when Microsoft issued its security alert.”

The report, however, reminds us that there could be such other future campaigns; it says, “However, there is always the danger of future campaigns that may exploit the same tactic to spread a new version of the backdoor trojan that connects to a working server, allowing crooks direct access to infected computers.”

The vulnerability that hackers have exploited to execute this campaign is an old Office vulnerability- CVE-2017-11882, which was patched by Microsoft in an update issued in November 2017. Thus, users who had applied the patch are safe from the current campaign.

CVE-2017-11882, which has been used many times by cybercriminals since the end of 2017, is, according to ZDNet security reporter Catalin Cimpanu, “…a codename for a vulnerability in an older version of the Equation Editor component that ships with Office installs, and used for compatibility purposes in addition to Microsoft’s newer Equation Editor module.”

He explains, “Back in 2017, security researchers from Embedi discovered a bug in this older component that allowed threat actors to execute code on users’ device without any user interaction whenever a user would open a weaponized Office file that contained a special exploit… Because Microsoft appeared to have lost the source code for this old component, and after the discovery of a second Equation Editor bug in 2018, Microsoft decided to remove the older Equation Editor component altogether from the Office pack in January 2018.”

Despite the vulnerability having been found and patched, attackers have kept exploiting it because many companies and users are slow to install security updates.

ZDNet points out that while most other Office exploits require that users enable macros or disable various security features via popups, this exploit doesn’t need any kind of user interaction. Hence, this exploit is being used for mass-spam campaigns and continues to be popular among many hacker groups engaged in highly targeted attacks.
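Because the exploit needs no macros or prompts, mail-gateway triage has to look at the document itself. The scanner below is an added example, not code from Microsoft, ZDNet or Embedi: it decodes the hex-encoded OLE blobs in an RTF and reports whether the file embeds a legacy Equation Editor object, and whether `\objupdate` asks Word to activate that object as soon as the document opens. The RTF samples are constructed and carry only indicator bytes, not an exploit; the CLSID is the one registered for Microsoft Equation 3.0, and the verdict thresholds are a triage heuristic, not a signature for CVE-2017-11882.

```python
"""Heuristic scanner for RTF files that embed an Equation Editor OLE object.

CVE-2017-11882 lives in the legacy Equation Editor (EQNEDT32.EXE), so an RTF
that embeds an "Equation.3" object deserves quarantine before any exploit is
confirmed, especially when \\objupdate makes Word activate the object on open
(the "no user interaction" property of this exploit). Added example with
constructed RTF samples; a triage heuristic, not a vulnerability signature.
"""
import binascii
import re
from typing import Dict, List

# CLSID {0002CE02-0000-0000-C000-000000000046} registered for Microsoft
# Equation 3.0, in on-disk byte order (the first three GUID fields are little-endian).
EQUATION3_CLSID = bytes.fromhex("02ce020000000000c000000000000046")

# \objdata is followed by the OLE object as hex text, possibly wrapped over lines.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def extract_objdata(rtf: bytes) -> List[bytes]:
    """Decode every \\objdata hex blob in the document."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s+", b"", m.group(1))
        if len(hexdata) % 2:          # tolerate a truncated trailing nibble
            hexdata = hexdata[:-1]
        blobs.append(binascii.unhexlify(hexdata))
    return blobs


def scan_rtf(rtf: bytes) -> Dict[str, object]:
    """Return the indicators found plus a verdict: clean / review / suspicious."""
    blobs = extract_objdata(rtf)
    indicators = {
        "objclass_equation3": re.search(rb"\\objclass\s*Equation\.3\b", rtf) is not None,
        "objupdate": b"\\objupdate" in rtf,
        "equation_clsid_in_objdata": any(EQUATION3_CLSID in b for b in blobs),
        "equation_native_stream": any(b"Equation Native" in b for b in blobs),
    }
    equation_object = (indicators["objclass_equation3"]
                       or indicators["equation_clsid_in_objdata"]
                       or indicators["equation_native_stream"])
    if equation_object and indicators["objupdate"]:
        verdict = "suspicious"   # legacy Equation object that auto-activates on open
    elif equation_object:
        verdict = "review"       # legacy Equation object, needs a click to activate
    else:
        verdict = "clean"
    return {"verdict": verdict, "objects": len(blobs), **indicators}


# Constructed samples. The suspicious one wraps a dummy blob holding only the
# indicator bytes (no real OLE structure, no exploit) in the RTF object syntax.
_FAKE_OLE = (b"\x01\x05\x00\x00\x02\x00\x00\x00" + EQUATION3_CLSID
             + b"Equation Native" + b"\x00" * 8)
SAMPLE_SUSPICIOUS = (
    rb"{\rtf1\ansi\deff0{\object\objemb\objupdate{\*\objclass Equation.3}"
    rb"{\*\objdata " + binascii.hexlify(_FAKE_OLE) + rb"}}\par}"
)
SAMPLE_CLEAN = rb"{\rtf1\ansi\deff0 Quarterly figures attached.\par}"

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, scan_rtf(doc))
```

Real samples often obfuscate the `\objclass` control word or pad the hex with junk, so the decoded-blob checks (CLSID and the "Equation Native" stream name) matter more than the plain-text control word; a production gateway would go further and parse the OLE1 wrapper rather than substring-match it.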


Westpac Cybersecurity Breach Impacts Almost 100,000 Customers

A major cybersecurity breach at Australia’s Westpac Banking Corporation has reportedly affected almost 100,000 customers.

Australian website nine.com.au reports, “A major cyber security breach has seen the private details of almost 100,000 Westpac customers exposed after the bank’s system was attacked by hackers.”

As per reports, it was PayID, the real-time payments platform that allows instant money transfer between banks using a mobile number or email address, that was targeted by the cybercriminals in this attack.

The Sydney Morning Herald, in a detailed report on the hacking incident, notes, “Unknown to many Australians, PayID operates like a telephone book, allowing anyone to type in a mobile number or email address and have it confirm the name of the corresponding account holder. This allows for what security experts call an “enumeration attack”, whereby numbers can be changed at random to find the names and mobile numbers of thousands of Australians…Experts say that with access to these details, fraud could be committed on a mass scale.”

Westpac has confirmed the attack but, according to reports, has not publicly said how many people were affected. The breach is also reported to have affected customers of other banks, since a PayID lookup resolves any registered number, not only Westpac’s.

The Sydney Morning Herald reports that Westpac has disclosed information about the breach to Australia’s banking and financial industry in a confidential memo, which has been obtained by the Sydney Morning Herald and The Age. As per the report, the memo says, “On 22 May 2019, Westpac noted that a high volume ([around] 600,000) of NPPA PayID lookups was made from 7 compromised Westpac Live accounts. [Around 98,000] of the lookups successfully resolved to a short name and this was displayed to the fraudster… Further analysis revealed that the attacks had been occurring since 7 April 2019 (the total number of lookups is [around] 600,000). The attackers are possibly offshore (the … intelligence of the logins indicates [they are] US-based fraudsters).”

The memo clarifies that the accounts that have been used for the breach seem to have been either compromised or set up to perform the attack. It’s stated that Westpac had got in touch with the legitimate owners of the existing accounts and they were not aware of the attacks or involved in any way. The Sydney Morning Herald report also states that as per the memo, the hackers had been trying phone numbers in a semi-sequential manner and also that it appears likely that the numbers are targeted based on guessing and don’t come from any existing data compromise. It’s also stated that the attacks were continuing on a semi-daily basis.

On detecting the issue, Westpac took additional preventive measures and did not need to shut the system down. No customer bank account numbers are reported to have been compromised.

Experts point out that the breach could make customers shy away from PayID until they are confident their personal data is protected.
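The memo quoted above describes the shape of the attack precisely: roughly 600,000 lookups from seven accounts, probing phone numbers semi-sequentially, over several weeks. Two cheap server-side controls break that pattern: a per-account sliding-window quota, and a check for runs of near-consecutive numbers. The guard below is an added example, not Westpac’s or NPP Australia’s code; the API shape, the thresholds and the sample numbers are assumptions.

```python
"""Per-account guard for a name-resolution lookup API such as PayID.

Added example, not Westpac's or NPP Australia's code. Thresholds, API shape
and sample numbers are assumptions. Two controls: a sliding-window quota per
calling account, and detection of semi-sequential probing runs.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


def looks_sequential(numbers: List[int], max_gap: int) -> bool:
    """True when, sorted, every neighbour differs by 1..max_gap (a probing run).
    Repeated lookups of the same number (gap 0) do not count as probing."""
    s = sorted(numbers)
    return len(s) > 1 and all(0 < b - a <= max_gap for a, b in zip(s, s[1:]))


class LookupGuard:
    def __init__(self, max_per_window=20, window_s=3600, seq_run=5, seq_gap=10):
        self.max_per_window = max_per_window   # lookups allowed per window per account
        self.window_s = window_s               # sliding window length in seconds
        self.seq_run = seq_run                 # how many recent numbers to test for a run
        self.seq_gap = seq_gap                 # max spacing that still counts as sequential
        # account -> recent (timestamp, number) lookups, oldest first
        self.history: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)

    def check(self, account: str, number: int, now: float) -> str:
        """Record the lookup and return "allow", "deny:quota" or "deny:sequential".
        Denied lookups are recorded too, so retrying does not reset the clock."""
        hist = self.history[account]
        while hist and hist[0][0] <= now - self.window_s:
            hist.popleft()
        hist.append((now, number))
        if len(hist) > self.max_per_window:
            return "deny:quota"
        recent = [n for _, n in list(hist)[-self.seq_run:]]
        if len(recent) >= self.seq_run and looks_sequential(recent, self.seq_gap):
            return "deny:sequential"
        return "allow"


def simulate(guard: LookupGuard, account: str, numbers: List[int],
             start: float = 0.0) -> List[str]:
    """Replay one lookup per second from one account and collect the decisions."""
    return [guard.check(account, n, start + i) for i, n in enumerate(numbers)]


if __name__ == "__main__":
    guard = LookupGuard()
    # constructed: a fraudster stepping through numbers three apart
    probing = [412000001 + 3 * i for i in range(8)]
    print("probing:", simulate(guard, "acct-fraud-1", probing))
    # constructed: a customer checking three unrelated payees
    legit = [400111222, 455999888, 433123456]
    print("legit:  ", simulate(guard, "acct-customer", legit))
```

The sequential check fires on the fifth probe regardless of rate, which matters because the memo says the lookups ran for weeks at a pace that a quota alone might tolerate. In practice the denial would also raise an alert on the calling account, since the memo shows the accounts themselves were either compromised or created for the attack; returning an ambiguous "no match" rather than a hard error further limits what a slowed-down attacker can learn.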


Corporate IT Security Starts With Simple Policies

Regular readers of hackercombat.com should be aware by now that cybercriminals of every size mean business. The days of script kiddies defacing a website or pulling off a publicity stunt for fifteen minutes of online fame are largely behind us. Cybercriminals are drawn by the real prospect of profit: the data in any company’s database is worth money. Cybercrime grows in intensity and sophistication when the victim is a prime target. Spear phishing, deliberate malware infections, network infiltration and corporate or industrial espionage are routine campaigns, especially when the attackers are funded by a nation-state, as we sometimes report here on hackercombat.com.

So what can a company do to mitigate the risk without banning BYOD (Bring Your Own Device), which is highly productive for employees, or cutting Internet access for IoT (Internet of Things) devices? Any network administrator worth his salt will tell you that the more uniform the devices connected to the corporate network, the smaller the attack surface. But it is no longer possible to ban personal smartphones in the workplace, given that leaders and the management team use their personal devices for business as well. The IT team has to find another way to secure the enterprise network without imposing cut-throat restrictions everywhere in the name of security.

There is no such thing as 100% security, and we at hackercombat.com would never claim it is achievable. In this article we provide a list of tips that raise corporate security without breaking the bank and are easy to implement:

Define computers that do not require an Internet connection

Not all computers in the enterprise require an Internet connection; in fact, some machines that perform critical 24/7 tasks do not need a network connection at all. They run specific applications and produce a specific deliverable critical to the organization. Audit regularly which computers fall into this category and decide whether they need a connection or should stay air-gapped for the rest of their lifecycle.

Build and keep an updated inventory

An up-to-date inventory provides a good baseline for determining the best IT policy and which restrictions can be enforced that everyone will accept. With good knowledge of the inventory, problematic equipment can be identified quickly, quarantined and, if necessary (in the case of a malware infection), removed from the network.

Empower the leadership team with cybersecurity awareness

The leadership team, including the board of directors and the staff below them, should all be aware of cybersecurity risks. Because the leadership team makes corporate-level decisions, one wrong decision can damage the brand and customer confidence for the long term.

Be transparent with IT security policy

All policies that will be enforced need to be written down; making them part of the employee handbook is a further advantage. From the moment a new hire steps into the organization, IT policies should be made known. This prevents a gap between employee and employer over the standard policies governing the office.

Keep software updated across the organization

This takes a lot of effort from the IT team but must be done without compromise. The company may allow a limited, small-scale deferral of updates for staff who critically need to finish a project or task, but that should never become an exemption from installing software updates.

Use Open Source software as much as possible

Open source software is often patched faster than proprietary software: a fixed version is released as soon as the developers have implemented the fix for a known issue, whether it concerns security or features, rather than being held for a scheduled release such as a “Patch Tuesday”. A released fix still has to be deployed, though, so the update policy above applies just as much to open source software.


5G Technology and Cybersecurity Concerns

5G is already a reality; people no longer think of it as a future concept. Leading network operators announced the beginning of this new era of smart connectivity at the Mobile World Congress, and 5G will be calling the shots when it comes to shaping the future.

In the midst of this excitement, however, the IT community has been speculating about what 5G means for the cybersecurity landscape. History teaches that advanced technology and rapid adoption are a double-edged sword that can build and destroy equally quickly. According to a recent Gartner report, two-thirds of companies plan to deploy 5G within a year, so it is imperative that they prepare for a new wave of cyber threats launched against already vulnerable environments.

Cybersecurity concerns of the 5G world

This exciting new 5G world will have its share of cybersecurity challenges. Cybercriminals around the world will keep looking for ways to reach user data, and with billions of devices connected to the Internet they have a large attack surface in which to find the weakest link.

In addition, attackers’ ability to cause damage and destruction is growing. In today’s 4G world, a large botnet of home devices can be used to launch huge DDoS attacks on websites. In tomorrow’s 5G world, the same botnet could be turned against an entire fleet of connected cars in a single city, causing chaos on the roads.

Of course, security is at least as important in the 5G world as in the 4G world, and perhaps more so. A huge number of remote sensors and smart devices connected, for example, to global supply chains will greatly increase the complexity of protecting corporate networks from intruders, and the huge volume of data generated by 5G networks makes it harder to spot deviations in user behaviour caused by attackers.

Fundamentally, 5G is exposed to the same categories of risk as its predecessors: authentication, availability, data security and privacy. Because parts of the 5G specification are carried over from 3G and 4G, the vulnerabilities of those earlier generations are inherited as well. Downgrade attacks are a comparable and significant risk: the lack of authentication in the initial connection phase may allow an adversary to force a device down to a 4G or 3G connection in order to exploit known weaknesses there.

As with any innovation, 5G will have its own use cases in vertical industries that require a modern level of security. Although the technology offers consumers new opportunities and can transform both public- and private-sector industries, cybersecurity must stay at the forefront of every phase of the rollout.


Tips to Increase Your Bitcoin Security

Of all the cryptocurrencies available today, Bitcoin is by far the most popular. Investors are attracted by its potential value, but whatever becomes popular on the Internet draws the attention of cybercriminals as well, and Bitcoin, because of its popularity and its value, is no exception. Hence it is important to adopt security measures that protect your bitcoin. Here are some basic tips that could help you increase your Bitcoin security…

Use a trusted web wallet

Web wallets are convenient and easy to access, and they make trading easy, but many of them have had serious security problems. Cybercriminals regularly seek to exploit web wallet vulnerabilities to get at users’ funds. So use only trusted web wallets with a good security reputation. Better still, avoid web wallets altogether, or keep only small amounts in them so that you lose little in the event of an attack.

Opting to keep your bitcoin in cold storage is good

Cold storage simply means keeping bitcoin offline as a security precaution: on a USB drive or similar storage medium, on a paper wallet or in a dedicated hardware wallet. As a best practice, keep online only the amount needed to cover anticipated withdrawals; that limits what an intruder can steal in a single attack. Funds in a cold wallet can only be spent with the private keys stored there, so malware on your online system cannot sign transactions on its own. It can still tamper with what you see, so verify the destination address on the offline device before signing.

Always keep your private keys offline

This is important for all wallet owners. Always keep your private keys offline and also refrain from sharing them. The best thing would be to store your private keys on a separate offline device. This would help secure your bitcoins.

Refrain from keeping your cryptos in one place

If you could use separate wallets and not store all your bitcoins in one place, it would ensure better security. You could opt to keep what you need for anticipated spending or trading in your online wallet and the remaining bulk of your funds, as mentioned earlier, in your offline wallet. Whenever you transfer large amounts of bitcoins into your online wallet, make sure whatever remains after the transaction is done is transferred back to your cold wallet. This ensures better safety. Having your bitcoins saved in different locations ensures that you don’t end up losing everything in the eventuality of a hack.

Go for fragmented backups

Always keep copies of your backup in several secret locations. A fragmented backup, in which the backup seed is divided into fragments, adds a further layer of security: an attacker targeting your bitcoin would have to find enough of the fragments to reconstruct the seed.
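Simply cutting a seed phrase into pieces is a weak fragmentation: each piece leaks part of the secret, and losing one piece loses everything. Shamir’s secret sharing gives the threshold property the paragraph wants, any k of n fragments reconstruct the seed and fewer than k reveal nothing. The code below is an added example, not from the original post or any wallet project; it works on the raw seed bytes over a prime field, and the sample seed is constructed. A real wallet backup should use an established scheme such as SLIP-39 rather than ad-hoc code.

```python
"""Fragmented seed backup with Shamir's secret sharing.

Split a seed into n fragments of which any k reconstruct it: a thief holding
fewer than k fragments learns nothing, and losing up to n-k fragments loses no
coins. Added example, not from the original post or any wallet project; it
works over the prime field GF(2^521 - 1) on the raw seed bytes.
"""
import secrets
from typing import List, Tuple

PRIME = 2**521 - 1  # Mersenne prime; comfortably larger than a 256- or 512-bit seed

Share = Tuple[int, int]  # (x, f(x)); x is the fragment index, starting at 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate the polynomial with the given coefficients at x (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, n: int, k: int) -> List[Share]:
    """Split an integer secret into n shares; any k of them reconstruct it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a non-negative integer below PRIME")
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    # f(0) = secret; the other k-1 coefficients are uniformly random
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0. With fewer than k shares this returns a
    value that carries no information about the real secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # modular inverse of den via Fermat's little theorem
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def split_seed(seed: bytes, n: int, k: int) -> List[Share]:
    """Fragment a raw seed (e.g. the entropy behind a mnemonic) into n shares."""
    return split_secret(int.from_bytes(seed, "big"), n, k)


def recover_seed(shares: List[Share], seed_len: int) -> bytes:
    """seed_len restores any leading zero bytes lost in the integer conversion."""
    return recover_secret(shares).to_bytes(seed_len, "big")


if __name__ == "__main__":
    seed = bytes(range(32))               # constructed 32-byte seed, not a real wallet
    shares = split_seed(seed, n=5, k=3)   # five fragments, any three reconstruct
    print("fragment 1:", shares[0])
    print("recovered :", recover_seed([shares[0], shares[2], shares[4]], 32) == seed)
```

Each fragment must be stored with its index x, and the fragments should never be brought together on an online machine; reconstruct on the offline device that will hold the keys. The random coefficients are what make fewer than k fragments useless, so they must come from a cryptographic source, as `secrets.randbelow` is here.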

Other useful measures include using a type 2 deterministic wallet (which derives all future private keys from a single seed) and, where possible, running Linux on both the online and offline computers you use to move bitcoin-related data (via USB drive) between the online and offline environments.

Such basic security measures, if adopted, could ensure better security for your bitcoins.


Banking Trojan Infections Dominated In Q1 2019

Kaspersky Lab, the antivirus vendor’s research arm, has revealed that the first quarter of 2019 saw a sharp rise in banking trojan detections globally compared with the last quarter of 2018. Cybercriminals have shifted their focus to banking trojans since the shutdown of the popular Coinhive cryptojacking service in March 2019. With profit the motive, ransomware infections are slowly declining while operating system mitigations are closing off infection vectors for cryptocurrency-mining malware.

“In Q1 2019, Kaspersky Lab detected a 58% increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected, but their share of the threat landscape increased as well. In Q4 2018, mobile banking Trojans accounted for 1.85% of all mobile malware; in Q1 2019, their share reached 3.24%,” explained Victor Chebyshev, Kaspersky’s Lead of Research Development team.

Banking trojans in 2019 are highly modular, with new features added on the fly by their authors. Kaspersky found 29,841 banking trojan modifications in the first quarter of 2019 alone, up from 18,501 in the fourth quarter of 2018.

“As is customary, first place in the Top 20 for Q1 went to the DangerousObject.Multi.Generic verdict (54.26%), which we use for malware detected using cloud technologies. Cloud technologies are deployed when the antivirus databases lack data for detecting a piece of malware, but the company’s cloud already contains information about the object. This is basically how the latest malicious programs are detected,” added Chebyshev.

Kaspersky expects mobile to be the platform hit hardest, since users today do more of their computing on a mobile device than on a full-fledged computer.

“The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms. For example, a recent tendency is to hide the banking Trojan in a dropper – the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival,” concluded Chebyshev.


Cybercriminals continue to evolve the sophistication of their attack methods

Cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximize their opportunities, according to the Fortinet latest report. Pre- and post-compromise traffic Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximize opportunity to their benefit. When comparing Web filtering volume for … More

The post Cybercriminals continue to evolve the sophistication of their attack methods appeared first on Help Net Security.

Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks

Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to the APWG Q1 2019 Phishing Activity Trends Report. The category became the biggest target in Q1, accounting for 36 percent of all phishing attacks, for the first time eclipsing the payment-services category which suffered 27 percent of attacks recorded in the quarter. Online SaaS applications have become fundamental business tools, since they are convenient to use and cost-effective. SaaS services … More

The post Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks appeared first on Help Net Security.

Don’t Take the Bait! How to Steer Clear of Tax Time Scams

For cybercriminals, tax time is the most wonderful time of the year. They sit in the shadows, giddy and eager, methodically setting a variety of digital traps, knowing that enough taxpayers will take the bait to make the effort worthwhile.

Indeed, with the frenzy of online tax filings, personal information (and money) moving through mailboxes, and hardworking people eagerly awaiting tax refunds, crooks are perfectly positioned for big returns this year.

So let’s be wiser and let’s be ready.

Last year, the IRS noted a 60 percent spike in bogus email schemes seeking to steal money or tax information. This year it's a surge in phishing scams, says the IRS, that should have taxpayers on alert.

“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”

Scams to Look For

According to the IRS, phishing emails are circulating with subjects such as “IRS Important Notice,” “IRS Taxpayer Notice” and other iterations of that message. The fraudulent emails may demand payment with the threat of seizing the recipient’s tax refund or even jail time.


Attacks may also use email or malicious links to solicit tax or financial information by posing as a trustworthy organization or even a personal friend or business associate of the recipient.

While some emails may have obvious spelling errors or grammar mistakes, some scammers have gone to great lengths to piece together a victim’s personal information to gain their trust. These emails look legitimate, have an authentic tone, and are crafted to get even skeptics to compromise personal data using malicious web links.

Scams include emails with hyperlinks that take users to a fake site or PDF attachments that may download malware or viruses designed to grab sensitive information off your devices. With the right data in hand such as a social security number, crooks can file fake returns and claim your tax return, open credit cards, or run up medical bills.

Other tax scams include threatening phone calls from bogus IRS agents demanding immediate payment of past due tax bills and robocalls that leave urgent callback messages designed to scare victims into immediate payment.

Remember, the IRS will NOT:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you several bills.
  • Call or email you to verify your identity by asking for personal and financial information.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone or e-mail.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.

How to Protect Yourself

Be hyper-aware. Never open a link or attachment from an unknown or suspicious source. In fact, approach all emails with caution, even those from people you know. Scams are getting more sophisticated. According to the IRS, thieves can compromise a friend's email address, or they may be spoofing the address with a slight change in the email text that is hard to recognize.

Reduce your digital footprint. Now is a great time to go through your social accounts and online profiles, posts, and photos and boost your family’s privacy. Edit out any personal information such as your alma mater, your address, birthdate, pet names, children’s names, or mother’s maiden name. Consider making your social profiles private and filtering your friends’ list to actual people you know.

Have a strong password strategy. Cybercrooks count on their victims using the same password for multiple accounts. Lock them out by using unique passwords for separate accounts. Also, consider using two-factor authentication, which requires a security code (sent to your phone) to access your account.

Install security software. Phishing emails carry malware and viruses designed to infect your devices and grab your family’s sensitive data or even seize your computer via ransomware. Crooks aren’t messing around so neither should you. Meet fire with fire by investing in comprehensive security software to protect your devices.

If you are the victim of tax fraud or identity theft, take the proper reporting steps. If you receive any unsolicited emails claiming to be from the IRS, forward them to phishing@irs.gov (then delete the emails).

The post Don’t Take the Bait! How to Steer Clear of Tax Time Scams appeared first on McAfee Blogs.