Tax phishing attack warning from IRS and more security headlines

Scam Of The Week: IRS warns of new tax phishing attack

ALERT: The current tax phishing scam works in two steps so watch out for possibly bogus emails for your tax information.

STEP 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. The tax preparer responds, and the bad guys send a second email with a malicious tax phishing attachment. The tax preparer falls for this social engineering attack and that compromises the machine and now the bad guys “own” the tax preparer’s computer.

STEP 2: The bad guys now use the tax pro’s computer to send out legit looking emails to all the tax pro’ clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.

So, when you get any email about your taxes, or your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known, trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address you are sending is correct and type it in yourself in the “To” field.

Read full article:

Security Headlines

HealthcareinfoSecurity – Insurer Slapped with $2.2 Million HIPAA Settlement

The Department of Health and Human Services has issued its second HIPAA enforcement action for 2017. HHS’ Office for Civil Rights has entered a $2.2 million settlement with a Puerto Rican insurance company in the wake of its investigation of a 2011 breach involving a stolen unencrypted USB drive that affected only about 2,000 individuals.

HealthcareinfoSecurity – Mac Malware Targets Biomedical Institutions

Malwarebytes calls the malware Quimitchin, which is the name for Aztec spies who would infiltrate other tribes. Apple, meanwhile, has dubbed it Fruitfly.

Fruitfly contains functions and system calls that predate OS X – Apple’s major rewrite of its operating system that debuted in 2001. Reed writes that the malware also employs a code library called libjpeg, which is used for encoding and manipulating JPEG images. But the library, as implemented in Fruitfly, hasn’t been updated since 1998.

Darkreading – 7 Common Reasons Companies Get Hacked

Businesses suffering from security breaches span all sizes and industries, but they often make the same mistakes. Many cyberattacks in 2016 could be attributed to similar root causes.

To be fair, security pros continue to face the same challenges, explains Diana Kelley, global executive security advisor at IBM. The most common causes behind major breaches can be grouped into two categories, she says: humans and hygiene.

The human factor relates to employees’ behavior and how they interact with enterprise systems. Cyber hygiene refers to how businesses keep their systems patched and updated.

Darkreading – Number Of Data Breach Disclosures Jumped 40% in 2016

Last year witnessed few data breaches of the kind that rocked 2015 when organizations like Anthem, the Office of Personnel Management and Ashley Madison reported security incidents involving tens of millions of personal records. Still, 2016 was a pretty bad year for data breaches.

New data from the Identity Theft Resource Center (ITRC) and CyberScout show that 2016, in fact, had more reported breaches than any previous year.

A total of 1,093 security incidents involving loss of sensitive data were disclosed last year. The number represented a 40 percent jump compared to the 780 breaches reported in 2015. In all, about 36.7 million records were exposed in the breaches, which the two organizations described as any incident where an individual’s name along with their driver’s license number, Social Security Number, bank or financial account data, medical records and credit or debit card data is exposed.–in-2016/d/d-id/1327935

Vendor Information

Microsoft – What the end of Patch Tuesday means for businesses

Microsoft will shake up its long-standing patching process next month, replacing its monthly Patch Tuesday security bulletins (also known as Update Tuesday) with a new database and all-encompassing automatic updates.

Microsoft says the change is a direct result of customer feedback. “Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs,” a member of the Microsoft Security Response Center wrote in a post to explain the switch from bulletins to database.

Cisco – 5 Takeaways From Cisco’s Big Cybersecurity Report

Companies are still using outdated technology leaving them prone to cyber attacks, security researchers are losing their confidence, and hackers are making millions of dollars through so-called ransomware attacks.

These are some of the findings detailed in Cisco’s annual report on the state of cybersecurity based on research the company obtained from customers, outside security analysts, and its networking devices connected to the Internet.

Here’s five interesting takeaways from the big report:

Security Bulletins from the FBI and DHS

FBI – How To Get Your Money Back If Your Tax Refund Is Stolen

Did a thief beat you to filing your own taxes this year?

You’re not alone. More and more Americans are finding that someone has taken over their identity to file a fraudulent tax return in their name and collect the refund check.

In the first half of 2013, 1.6 million taxpayers were hit by tax identity theft, compared to just 271,000 in all of 2010, the Treasury Inspector General for Tax Administration reported. And the IRS paid out $5.8 billion in stolen tax refunds in 2013, according to a study by the General Accountability Office (GAO).

DHS – Canadian Institute for Cybersecurity launched

The worldwide cybersecurity market is large and growing, with market sizing estimates ranging from $75 billion in 2015 to $170 billion by 2020. The size of the market is a response to the rising global cost of cyberattacks, which is expected to grow to $2.1 trillion by 2020. The Canadian Institute for Cybersecurity, aiming to be a hub for research, training, and industry collaboration, opened at the University of New Brunswick on Monday with more than $4.5 million in funding and the establishment of a research partnership with IBM.

Related Posts