IRS does not call to demand cash

Coming off of very busy weeks presenting in Columbus, Cincinnati, Durango, Sarasota,  Kansas City, Columbus (again) and Kansas City (again). A few times the question was raised about fake phone calls from someone pretending to be an IRS agent and demanding money for past due taxes. The IRS of course, doesn’t do this sort of thing.

One person told me that she thought the call was a fake until the person on the phone told her his “official badge number”. That made her think it was real although in the end she still didn’t send any money, thank goodness.

The New York Times columnist David Segal wrote about this fraud in last Sunday’s Times. Here is a link to the column.

http://www.nytimes.com/2016/02/28/your-money/irs-calling-to-demand-cash-dont-pay-up-hang-up.html

40 Bitcoins equals $ 17,000

Hollywood Presbyterian Medical Center is aware of this bitcoin conversion because that is what they said they paid to hackers to get the encryption key to unlock their data. The linked article provides more details, but to prevent this from happening to you personally or to your organization, do two things:

  1. Educate employees/family members about the phishing emails that download the ransomware/cryptolocker on the network.
  2. Maintain offline backups of all essential computer files.

No person or business should ever have to pay ransom to get their files back. All cases like this do is encourage the hackers and more attempts to victimize us.

http://www.cbsnews.com/news/hospital-explains-decision-to-pay-ransom-to-hackers/

Ransomware is very profitable for the cyber thieves

The security from Imperva reports that over a three-month period in 2015, a single cybercrime gang managed to earn at least $330,000 in bitcoins thanks to an estimated 670 victims paying attackers’ ransom demand to decrypt their ransomware-infected systems.

On this point, I recently received a phone call from a small business owner who was a victim of ransomware. All his computer files were encrypted and the ransom demanded was $ 500. Unfortunately, he had not backed up his files. If he had a recent backup, he could simply restore from that and not have to pay any ransom. Prepared to pay the ransom, he asked me if the hackers will provide him with the encryption key if he paid up. There is no way to be sure, as I tell my audiences, but the hackers have a reputation to protect. What’s next, customer satisfaction surveys from hackers? “How was your hacking experience with us? Refer a victim and get $ 50 off your next ransom payment.”

Remember to keep your files backed up on an external device. To prevent the malware that encrypts your files in the first place, avoid clicking on links or attachments in emails from unknown senders.

Tax Refund Identity Theft

The Wall Street Journal had a great article this past weekend on identity theft tax refund fraud. I have been talking about this crime in my presentations and ways to stay protected so you don’t become a victim. Here is some additional advice from the article:

 

“Probe your preparer. If you use a tax preparer, ask about the firm’s data protection. Experts say that respected old-line, stand-alone tax and accounting firms are currently rich targets for thieves looking to harvest large amounts of data to use in preparing credible returns that will slip by fraud filters.

Change your passwords. This is one of the most important tips for self-preparers. Make passwords strong and don’t use the same one for different portals.

Also practice good security hygiene: resist giving out your Social Security number and other personal information; shred paper records before disposing of them; and use antivirus protection in your computer.”