Security Awareness

TALK TO YOUR FAMILY ABOUT SECURITY ONLINE AND AT HOME

For families with children and aging parents, it’s important to make sure everyone guards their personal information online and at home.

If everyone in your family uses the same computer, do not turn off any security software or open any suspicious emails. Never click on embedded links or download attachments in emails from unknown sources. Actions by one computer user could infect the machine for all users.

Do not store credit card information on any website (Amazon, eBay, etc.).  Kids and aging parents should be warned against oversharing personal information on social media. Oversharing addresses, a new family car or a parent’s new job gives identity thieves a window into an extra bit of information they need to impersonate you.

If your computer has a webcam, keep the camera covered with a Post-It note so if an outsider does log into your computer, they cannot see your home through the webcam.

Protect your passwords.  The longer the password, the tougher it is to crack.  Use at least 10 characters; 12 is ideal for most home users.  Mix letters, numbers and special characters.  Try to be unpredictable – don’t use your name, birthdate, pet names or common words.  Don’t use the same password for many accounts.  If it is stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.  Don’t share passwords on the phone, in texts or by email.  Legitimate companies will not send you messages asking for your password.  If you get such a message, it’s probably a scam.  Keep your passwords in a secure place, out of plain sight.

Don’t assume ads or emails are from reputable companies.  Check out companies to find out if they are legitimate.  When you’re online, a little research can save you a lot of money and reduce your security risk.  If you see an ad or an offer that looks too good, take a moment to check out the company behind it.  Type the company or product name into your favorite search engine with terms like “review,” “complaint” or “scam.”  If you find bad reviews, you’ll have to decide if the offer is worth the risk.  If you cannot find contact information for the company, take your business and your financial information elsewhere.  Just because a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.

Aging parents may also need someone to routinely review charges to their credit cards or withdrawals from their financial accounts.  Unused credit cards should be canceled.  Their credit reports should be reviewed annually at annualcreditreport.com to ensure no new accounts are being opened by thieves, and their Social Security Administration account should be reviewed to ensure no excessive income is accruing to it.

Seniors also are especially vulnerable to scam calls and pressure from fraudsters posing as legitimate organizations, including the Internal Revenue Service, and demanding payment for debts not owed.  The IRS will never make threats of lawsuit or jail or demand that a certain payment method, such as a debit card, be used.

Some simple steps—and a conversation—can help the young and old avoid identity theft schemes and scammers.

Here are a few basic tips to recognize and avoid a phishing email:

  • It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers.  They may claim they need you to update your account or ask you to change a password.  The email offers a link to a spoofing site that may look similar to the legitimate official website.  Do not click on the link.  If in doubt, go directly to the legitimate website and access your account.
  • It contains an attachment. Another option for scammers is to include an attachment to the email.  This attachment may be infected with malware that can download malicious software onto your computer without your knowledge.  If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data.  Do not open attachments from sources unknown to you.
  • It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies.  Thieves often try to imitate the IRS and other government agencies.
  • It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses.  You may receive an email from a “friend” that just doesn’t seem right.  It may be missing a subject for the subject line or contain odd requests or language.  If it seems off, avoid it and do not click on any links.  You may want to call your friend and see if they sent you an email.
  • It has a lookalike URL. The questionable email may try to trick you with the URL.  For example, instead of irs.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com.  You can place your cursor over the text to view a pop-up of the real URL.
  • Use security features. Your browser and email provider generally will have anti-spam and phishing features.  Make sure you use all of your security software features.

Here are a few simple steps you can take to protect yourself:

  • Avoid suspicious phishing emails that appear to be from the IRS or other companies; do not click on the links—go directly to their websites instead.
  • Beware of phishing scams asking you to update or verify your accounts.
  • To avoid malware, don’t open attachments in emails unless you know who sent them and what they contain. Be sure to look at the actual email address (i.e., the address that contains the “@” sign).  For example, if you get an email from your friend Jane and you look at the actual email address and it says Jane103@comcast.net and that is indeed Jane’s address, you know the email is safe.  If, however, the actual email address is Jane103@xyzrun.com, then you know the email is most likely spam.
  • Download and install software only from websites you know and trust.
  • Use security software to block pop-up ads, which can contain viruses.
  • Ensure your family understands safe online and computer habits.
  • Look for the “S”. When shopping or banking online, always look to see that the site uses encryption to protect your information.  Look for “https” at the beginning of the web address.  The “s” is for secure.  Unencrypted sites begin with an http address.  Additionally, make sure the https carries through on all pages, not just the sign-on page.
  • Secure Wireless Networks. A wireless network sends a signal through the air that allows it to connect to the Internet.  If your home or business Wi-Fi is unsecured, it also allows any computer within range to access your wireless network and potentially steal information from your computer.  Criminals also can use your wireless network to send spam or commit crimes that would be traced back to your account.  Always encrypt your wireless network.  Generally, you must turn on this feature and create a password.
  • Be cautious when using public wireless networks. Public Wi-Fi hotspots are convenient but often not secure.  Tax or financial information you send through websites or mobile apps may be accessed by someone else.  If a public Wi-Fi hotspot does not require a password, it probably is not secure.  Remember, if you are transmitting sensitive information, look for the “s” in https in the website address to ensure that the information will be secure.
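
The lookalike-URL and sender-address checks from the two lists above, written out as a short Python example (added here for illustration, not part of the original article; the function names and the extra sample values are made up):

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def host_belongs_to(host, trusted_domain):
    """True only if host is trusted_domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower().rstrip(".")
    # Compare from the right-hand end, on a label boundary: the owner of a
    # name is decided by its last labels, not by what it starts with.
    return host == trusted or host.endswith("." + trusted)


def link_is_on(url, trusted_domain):
    """Check the host a browser would actually contact for this link."""
    # urlsplit().hostname drops any "user@" prefix, port and path.
    host = urlsplit(url).hostname or ""
    return host_belongs_to(host, trusted_domain)


def sender_matches(from_header, known_address):
    """Compare the address inside a From header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.lower() == known_address.lower()


# Constructed samples; only the irs.gov lookalike and the two Jane103
# addresses come from the article, the rest are made up for illustration.
SAMPLE_LINKS = [
    "https://www.irs.gov/refunds",
    "http://www.irs.gov.maliciousname.com/login",
    "https://irs.gov@maliciousname.com/update",
    "https://fake-irs.gov/",
]
SAMPLE_SENDERS = [
    "Jane <Jane103@comcast.net>",
    "Jane <Jane103@xyzrun.com>",
]


def review_samples():
    links = {u: link_is_on(u, "irs.gov") for u in SAMPLE_LINKS}
    senders = {s: sender_matches(s, "Jane103@comcast.net") for s in SAMPLE_SENDERS}
    return links, senders


if __name__ == "__main__":
    for results in review_samples():
        for item, ok in results.items():
            print("OK      " if ok else "SUSPECT ", item)
```

A matching sender address only shows what the message header says; a hacked account, as described in the “off” email tip, sends from the real address.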

Here are a few basic steps to making passwords better and stronger:

  • Add password protections to all devices. You should use a password to protect any device that gives you that opportunity: not only your computer, tablet or mobile phone but also your wireless network.  The password is your first line of defense.
  • Change all factory password settings. If your device comes with factory password settings, for example the camera on your laptop, change them immediately.
  • Longer is better. A password should be a minimum of eight characters but 10 to 12 is even better.  It should be a combination of upper case and lower case letters, numbers and special characters.  Do not use your name or birthdate.
  • Do not repeat passwords. These days, people often have multiple password-protected accounts.  Do not use the same password repeatedly.  Should a thief steal your password, he immediately will have access to other important accounts.  Use different passwords, especially on important financial or tax accounts.
  • Use two-factor authentication options. Many social media sites and financial institutions now give you the option of setting up a two-factor or two-step authentication process.  A two-factor process involves a security code being sent to your registered mobile phone or personal email.  This means if a thief manages to steal your user name and password, he will be blocked from accessing your accounts.
  • Consider a password manager. One option for keeping track of your passwords on multiple accounts and getting help in creating strong passwords is to use a password manager.  Some reputable companies offer free or low-cost versions of their products.  See if a password manager might be right for you.

“BAIT LURES”

Examples of “bait” lures:  “Update your account now.”  “You just won a cruise!”  “The IRS has a refund waiting for you.”

In the cyber world these sentences are used in emails, telephone calls and texts, all designed to separate you from your cash, your passwords, your Social Security number or your very identity.

When it comes to this type of crime, the main line of defense is not technology, it is you.

Criminals pose as a person or organization you trust and/or recognize.  They may hack a friend’s email account and send mass emails under their name.  They may pose as your bank, credit card company or tax software provider.  Or, they may pose as a state, local or federal agency such as the Internal Revenue Service or a state agency.  Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages.

Just remember:  No legitimate organization—not your bank, not your tax software company, not the IRS—will ever ask for sensitive information through unsecured methods such as emails.  And the IRS never sends unsolicited emails or makes calls with threats of lawsuits or jail.

Scam emails and websites also can infect your computer with malware without you even knowing it.  The malware can give the criminal access to your device, enabling them to access all your sensitive files or track your keyboard strokes, exposing log-in information.

STEPS FOR MAKING IDENTITY PROTECTION PART OF YOUR ROUTINE

Here are steps you can make part of your routine to protect your tax and financial information:

  1. Read your credit card and banking statements carefully and often; watch for even the smallest charge that appears suspicious. (Neither your credit card company nor your bank, nor the IRS, will send you emails asking for sensitive personal and financial information, such as asking you to update your account.)
  2. Review all paper notices and correspondence from the Internal Revenue Service, Department of Revenue, or any other government agency. As long as the notice is official you may need to respond.  You might want to seek advice from a tax professional before responding to any income tax notices.  Warning signs of tax-related identity theft can include IRS notices about tax returns you did not file, income you did not receive or employers you’ve never heard of or where you’ve never worked.
  3. Review each of your three credit reports at least once a year. Visit annualcreditreport.com to get your free reports.
  4. Review your annual Social Security income statement for excessive income reported. You can sign up for an electronic account at gov.
  5. Read your health insurance statements; look for claims you never received.
  6. Shred any documents with personal and financial information. Never toss documents with your personally identifiable information, especially your Social Security number, in the trash or recycle bin.
  7. If you receive any routine federal deposit such as Social Security Administration or Department of Veterans Affairs benefits, you probably receive those deposits electronically. You can use the same direct deposit process for your federal and state tax refund.  IRS direct deposit is safe and secure and places your tax refund directly into the financial account of your choice.
  8. Always use security software with firewall and anti-virus protections. Make sure the security software is always turned on and can automatically update.  Encrypt sensitive files such as tax records you store on your computer.  Use strong passwords.
  9. Learn to recognize and avoid phishing emails, threatening phone calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and government organizations, including the IRS. Do not click on links or download attachments from unknown or suspicious emails.
  10. Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.  Treat your personal information like you do your cash; don’t leave it lying around.
  11. Do not give a business your SSN or ITIN just because they ask. Give it only when required.
  12. Do not give personal information over the phone, through the mail or on the internet unless you have initiated the contact or you are sure you know with whom you are dealing.
  13. Secure personal information in your home.
      • Whether stored on paper or kept electronically, the IRS urges taxpayers to keep tax records safe and secure, especially any documents bearing Social Security numbers. The IRS also suggests scanning paper tax and financial records into a format that can be encrypted and stored securely on a flash drive, CD or DVD with photos or videos of valuables.
      • Now is a good time to set up a system to keep tax records safe and easy to find when filing next year, applying for a home loan or financial aid. Tax records must support the income, deductions and credits claimed on returns.  Taxpayers need to keep these records if the IRS asks questions about a tax return or to file an amended return.
      • It is even more important for taxpayers to have a copy of last year’s tax return as the IRS makes changes to authenticate and protect taxpayer identity. Beginning in 2017, some taxpayers who e-file will need to enter either the prior-year Adjusted Gross Income or the prior-year self-select PIN and date of birth.  If filing jointly, both taxpayers’ identities must be authenticated with this information.  The AGI is clearly labeled on the tax return.
      • If disposing of an old computer, tablet, mobile phone or back-up hard drive, keep in mind it includes files and personal data. Removing this information may require special disk utility software.  More information is available on IRS.gov at “How long should I keep records?”

TIPS FOR USING CREDIT BUREAUS TO HELP PROTECT YOUR FINANCIAL ACCOUNTS

If you believe you are a victim of identity theft, you should contact one of the three major credit bureaus to place a “fraud alert” on your credit account.

The three main credit bureaus:

If you are an identity theft victim, you need contact only one of the three to request a fraud alert.  One bureau must notify the others when a fraud alert is requested.  You’ll get a letter from each credit bureau.  It will confirm that they placed a fraud alert on your file.

A fraud alert is free, and it lasts for 90 days.  You can renew it.  It raises a red flag for other businesses where the thieves may be trying to open accounts, so legitimate businesses may take additional steps to verify identities.