News Archives

 


 IT'S TAX SEASON 

It’s the beginning of the brand-new year, which also means it’s the annual tax filing season. With that in mind, let’s remind ourselves of the best cyber security practices to follow in order to keep the season safe from identity fraud and potential scams. The U.S. Internal Revenue Service has identified Tax Refund Fraud as its No. 1 fraud scam! Identity thieves are using stolen personally identifiable information to file victims’ tax returns and then receive their refunds. Here’s how they do it and ways to combat and prevent it.

 Due to paperless e-filing, this scam is easier to pull off than ever before. Thieves can simply make up phony wages or other income, submit the information electronically and receive the fraudulent refund via mail or direct deposit within a month. Of course, the IRS keeps records of earned wages and other types of taxable income reported by taxpayers’ employers and other organizations. However, the IRS doesn’t match these records to information submitted electronically by identity thieves until several months after it issues refund checks. By the time the IRS tells the victim that it has received another tax form in his or her name, the thief has cashed the refund check and is long gone with the money. The identity thief wins, and the U.S. Treasury and the victimized taxpayer are the losers. 

Signs that you may be a victim of identity theft include: receiving a letter from the IRS about a suspicious tax return, an IRS notice of an online account being created in your name, IRS records indicating you received wages from an employer you didn’t work for, or being assigned an EIN without requesting one. Additionally, be cautious of scams and phishing methods that are used to retrieve your PII (Personally Identifiable Information). You may receive calls from the “IRS”, texts from the “IRS”, and emails from the “IRS”.

Be sure to report these contacts and don’t respond to them, as the IRS will only contact you through mail in a government envelope with the IRS seal. Here are some ways you can protect yourself:

  • Identity theft protection service
  • Implementing strong passwords with Multi-Factor Authentication
  • Credit Monitoring
  • Reviewing any credit/bank reports on a consistent basis.

Make your 2023 Tax Season identity theft and problem free!


Tis the season to be CyberSecure!

The holiday season is a busy time of year when many people are doing their shopping online. While this may be convenient and save time, it also increases the risk of being a target of cyber threats. Using your credit card for Christmas shopping? Buying gift cards for near and dear ones? Here are a few tips to avoid an unwanted surprise this holiday season.

One of the most important steps is to be aware of both phishing and scam emails, and ‘smishing’ text messages. During the holiday season, there is an ever-increasing amount of emails and text messages that claim to be from reliable sources such as online stores, banks, and even charities. These messages typically have a subject line that looks legitimate and contain links to malicious websites and/or attachments that can contain viruses or other malware. It is important to be able to identify these messages and not click on any links or download any attachments.

Tips to Identify Smishing (Text Message)

  • Check the sender’s phone number: If the sender’s phone number looks unfamiliar or suspicious, it could be a sign of a smishing message.
  • Look for suspicious requests: Smishing messages often contain requests for personal or financial information. If the text contains any requests for this kind of information, it is likely a smishing message.
  • Look for links: If the link looks suspicious, do not tap on it.
  • Look for urgent language: Smishing messages often contain language that is designed to make the receiver act quickly without thinking. If the text contains urgent language, it is likely a smishing message.
  • Don’t trust attachments: Do not open any attachments sent in the text, as they could contain malicious software.

Tips to Identify Phishing (E-Mail)

  • Check the sender’s email address: If the sender’s email address looks suspicious or unfamiliar, it could be a sign of a phishing or spam email.
  • Look for poor grammar and spelling: If the email contains multiple spelling and grammar mistakes, it could be a sign that it was sent by a malicious sender.
  • Check for malicious links: If the email contains a link, hover over it with your mouse to see where it will take you. If the link looks suspicious, do not click it.
  • Look for urgent language: Phishing and spam emails often contain language that is designed to make the receiver act quickly without thinking. If the email contains urgent language or requests for personal or financial information, it is likely a phishing or spam email.
  • Don’t trust attachments: Do not open any attachments sent in the email, as they could contain malicious software.

When shopping online, it is equally important to make sure that you are safe. Below are a couple of different ways to help ensure your safety when shopping online:

  • Confirm that the website is secured with HTTPS and has a valid SSL certificate.
  • Use a secure payment method and make sure to be aware of the return/refund policies of the online stores that you are using.
  • Use a credit card for online purchases: this can provide an additional layer of protection in the case of fraudulent charges.
  • Be aware of the potential consequences of falling victim to a cyber threat: If you do fall victim, your personal information could be stolen and used to commit identity theft or fraud.
    • It is also possible that your computer could become infected with malware which can damage your system and cause data loss.

Another important step to stay safe from cyber threats during the holiday season is to be aware of public Wi-Fi networks. As the North Carolina Department of Information Technology states, “The safest approach is to avoid using public Wi-Fi networks unless absolutely necessary.” Many people fly during the holidays, which means they will likely be accessing Wi-Fi in airports and other public places.

  • Use a virtual private network (VPN) when accessing public Wi-Fi: This will help protect your data.
  • Ensure that your devices are secure and up to date by downloading and installing the latest updates and patches for your device.
  • Ensure you are using a secure password on all of your devices and your antivirus software is up to date.
  • DO NOT use public computers for shopping or banking: These systems are at greater risk of being compromised.

By properly identifying smishing text messages, phishing and scam emails, using secure websites and payment methods, being aware of the potential consequences of using public Wi-Fi networks, making sure that your devices are secure, and not relying on public computers for shopping or banking, you can help ensure that you have a safe and secure holiday.

 ~Happy Holidays & A New Year 2023! Stay CyberSecure!~


BEWARE OF THE IRS SCAMS THIS TAX SEASON!!!

Filing taxes can be complicated, and scammers know that stressed-out people are more likely to fall for phishing scams. With tax season upon us, it is important to stay up to date on the different methods someone might use to try to steal from you, as well as simple things to look out for to identify a possible scam.

One common tactic is for a scammer to make aggressive calls posing as an IRS agent in hopes of intimidating you into sending money and revealing personal information. Keep in mind if you ever receive a call like this that the IRS will never call you unexpectedly, so any such calls should raise an immediate red flag.

Another method that scammers might use is promising to settle your debt with the IRS for “pennies-on-the-dollar”. While they promise to settle your debt, they will try to force you to pay thousands of dollars for their fake service. Keep in mind that the IRS has its own settlement program, but again, it will not call you unexpectedly.

On top of the repeated and overused scam calls, scammers create new variations of tax-related scams every year to try to raise their success rate. One that is going around is where a scammer leaves a voicemail threatening to suspend and/or terminate your Social Security Number (SSN) unless the call is returned. Once you call back, the scammer will request personal information and a payment. The important thing to remember for this scam is that not even the IRS has the ability to ‘terminate’ an SSN, so if anyone threatens to do such a thing, chances are it is a scam.

If you are ever in a situation where you are unsure if a phone call is legitimate or not, hang up the phone and call the company/organization directly through a customer support phone number; this way you can verify if it was a legitimate call.

If you suspect any such fraud, IMMEDIATELY report it to us at phishing@jwu.edu. Be CyberSafe!


Cybersecurity Alert-Ransomware Phishing Attacks

Dear Johnson & Wales University Faculty, Staff and Students,

The Office of Information Security Services (ISS) has seen a surge in ransomware attacks targeting colleges and universities, resulting in network outages, theft of sensitive information and blocking access to essential data systems through encryption. Cybercriminals then demand payment in exchange for returning access to the targeted institution. Email phishing attacks are one of the most common and most successful attack vectors cybercriminals are utilizing.

These sophisticated email phishing attacks are tailored to the target environment by leveraging current events and impersonating well-known university individuals. These emails will appear to be from legitimate university and external sources and attempt to trick you into responding to the email message and submitting your login credentials (i.e. username and password) on webpages which appear to be legitimate.

The university has made significant and ongoing investments in information security technologies. Unfortunately, technology can address only a fraction of the information security risks the university faces. Therefore, JWU needs you to do your part to help protect against this ongoing threat. Here are a few tips to follow:

  • External Email Warning banner - while most messages from outside of the university network will contain the “External Email Warning” header, always carefully check the sender email address even if the email looks legitimate. The lack of a warning header should not be viewed as an automatic validation of the legitimacy of a received email. No technical control such as the “External Email Warning” is beyond compromise or bypass by Cybercriminals.
  • Use Caution - when opening any attachments in an email. Any email claiming to be from JWU will have the @jwu.edu domain name.
  • Report an Incident - if you receive an email that appears to be suspicious or is from a sender that you are unfamiliar with and directs you to open an attachment, report it by forwarding to phishing@jwu.edu and delete it from your inbox.
  • Create a ticket with IT by calling 1-866-598-4357 or 401-JWU-HELP (401-598-4357), or going to our report page. After submitting the email for review, do not click on any links in the email or open any attachments.
  • Reset Password - if you have submitted your network credentials to a suspicious website, immediately reset your password via SSPR or have it reset by IT.

_________________________________________________

Robinhood Data Breach

1, 2, 3, … 7 Million: that’s the total number of accounts that were compromised at Robinhood on November 3rd, 2021. Firstly, what is Robinhood? It is a financial company that provides services for people to trade stocks, exchange-traded funds, and cryptocurrency through a mobile app. Interestingly enough, it wasn’t the first time Robinhood had accounts compromised. In October 2020, there were at least 2,000 accounts that were exposed. At the time, Robinhood had a total of 13 million customers, and a security incident such as exposing customers’ information became a red flag for the company. This prompted the company to insist that customers set up MFA (Multi-Factor Authentication) for their accounts. With MFA, a stronger layer of protection is placed on a customer’s account. If Robinhood suspects potential fraud, the account is frozen, investigated, and customers are prompted to reset their password through MFA.

However, on November 3rd, 2021, Robinhood’s staff is to blame for seven (7) million customers’ information being exposed. The attacker social engineered a customer support employee over the phone by deceiving the employee into downloading remote access software, gaining access to Robinhood’s support systems. Five (5) million customers’ emails, two (2) million names, hundreds of customers’ personal information, and extensive account details for 10 customers were compromised. As a result, the perpetrator is now selling the data through an underground forum for a five-figure amount ($10,000+). If you have a Robinhood account, please mitigate the circumstances by resetting your password immediately, using stronger passwords (special characters, uppercase/lowercase, more than 8 characters), and enabling multi-factor authentication. The perpetrator responsible for Robinhood’s breach is the same person who infiltrated the FBI’s website on November 13th, 2021 to send out 100,000 fake urgent emails. Remember, information security is a priority.

Read More : https://blog.robinhood.com/news/2021/11/8/data-security-incident

 


COVID Scams

Please be aware of any COVID-19 phishing emails. For more information, see: Battling online coronavirus scams with the facts


 

Tax Scam

The Office of Information Security Services (ISS) is committed to keeping university students, faculty & staff Cyber Safe by alerting you to an Internal Revenue Service (IRS) phishing scam that appears to primarily target educational institutions, including students and staff who have “.edu” email addresses. Additional details can be found at “IRS-impersonation phishing email scam”.

What you should be alert to

  • The phishing emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” They ask people to click a link and submit a form to claim their refund, requesting the following information: SSN, First and Last Name, DOB, Prior Year Annual Gross Income, Driver's License number, Current address, and IRS Electronic Filing PIN.

What you should do if you receive this scam:

  • DO NOT click on the link in the email.
  • If you would like, you can report the scam to the IRS. To do this, save the email using “save as” and then send as an attachment to phishing@irs.gov or forward the email as an attachment to phishing@irs.gov.

If you have already clicked on the link and provided your personal information, it has now been stolen:

  • Please consider immediately obtaining an Identity Protection PIN. This is a voluntary opt-in program. An IP PIN is a six-digit number that helps prevent identity thieves from filing fraudulent tax returns in the victim’s name.
  • Please consider implementing the "Data Breach? Lost Info" Identity Theft protection measures, published by the Federal Trade Commission.

NOTE: If you believe you have a pending refund, you can easily check on its status at “Get Your Refund Status” on IRS.gov.

Stay CyberSafe this Tax Season!