Tag: security

Protect Your IRS Tax Identity

It’s not big news that scams, frauds, and identity theft are on the rise. New, pandemic-inspired scams related to Economic Impact Payments (EIPs) and Paycheck Protection Program (PPP) funds have started, while income tax filings and financial information remain big, juicy targets for criminals. 

Scrabble tiles spelling "who are you" in a square.

The IRS has responded by expanding its Identity Protection Program to any taxpayer who can verify her or his identity, instead of being limited to taxpayers who report an identity theft issue. The IRS and the tax preparer community want to inform taxpayers about the Identity Protection PIN Opt-In Program to protect against tax-related identity theft when filing a federal income tax return.

Six things to know about the Identity Protection PIN Opt-In Program (IP PIN):

  1. The IP PIN is a six-digit code known only to the taxpayer and to the IRS. It helps prevent identity thieves from filing fraudulent tax returns using a taxpayers’ personally identifiable information.
  1. To obtain an IP PIN, the best option is Get an IP PIN, the IRS online tool. Taxpayers must validate their identities to access the tool and their IP PIN. Before attempting the process, see Secure Access: How to Register for Certain Online Self-Help Tools
  1. Once issued by the IRS, the taxpayer’s tax account is locked, and the IP PIN serves as the key to opening that account. Electronically-filed federal income tax returns that do not contain the correct IP PIN will be rejected and a paper return must be filed.
  1. An IP PIN is valid for one specific calendar year. A new IP PIN must be obtained for each filing season.
  1. Current tax-related identity theft victims who have been receiving IP PINs via mail will continue to receive an annual IP PIN to file her or his federal income tax return.
  1. There is no opt-out option. The IRS is working on it for 2022. Taxpayers who cannot provide an IP PIN or obtain a replacement can’t unlock her or his tax account and must file the return in paper form. Any refund will take several weeks to process.

The IRS IP-PIN Program is an option for taxpayers to protect her or his identity from theft and fraudulent tax filings. For taxpayers that want to use the program, the IRS offers more information and instructions at this link – https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.

Is Your Computer Secure?

We use our computers and other devices every day. Cyber thieves know that, so they work every day to break into computer systems to steal valuable financial and personal data. We are all vulnerable and we all need to protect ourselves. Security advice to protect your data is everywhere. But how can you sift through all of it? 

That red screen can’t be good!

Here are five tips compiled from different reliable sources to help you create a secure computer environment and protect your private information:

  • Anti-virus Software

Anti-virus software scans computer files or memory for certain patterns that may indicate the presence of malicious software and looks for patterns based on the signatures or definitions of known malware from cyber criminals. Anti-virus vendors find new issues and update malware daily, so it is important that you have the latest updates installed on your computer. Keep security software set to automatically receive the latest updates so that it is always current.

  • Firewalls

Firewalls provide protection against outside attackers by shielding your computer or network and preventing malicious software from accessing your systems. Firewalls can be configured to block data from certain suspicious locations or applications while allowing relevant and necessary data through. But remember, firewalls do not prevent attacks; they protect against malicious traffic (unless the user accidentally installs malware – see “phishing” below).

  • Two-Factor Authentication

Many email providers now offer two-factor authentication protections to add an extra layer of protection. Often, two-factor authentication means the returning user must enter username and password plus another step, such as entering a security code sent via text to a mobile phone. A thief may be able to steal the username and password but it’s highly unlikely they also would have the mobile phone to receive the code and complete the process.

  • Backup software/services

Critical files on computers should routinely be backed-up to external sources, such as a copy of the file is made and stored either online as part of a cloud storage service or saved to an external hard drive. Periodically verify that the files are backed up and can be retrieved.

  • Phishing emails

Never open an email from a suspicious source, click on a link in a suspicious email or open an attachment without scanning it first. Otherwise, you could be a victim of a phishing attack and your data could be compromised. Never click links within pop-up windows, download “free” software from a pop-up, or follow email links that offer anti-spyware software. The links and pop-ups could be installing the spyware that they claim to be eliminating. 

You may assume that the information you have on your computer is not valuable to a cyber thief. But think about it; access to your personal information, bank accounts and credit cards are all that cyber criminals need to steal your identity and create havoc in your personal life. Following these five cyber security tips will help you create a secure computer environment and protect your financial and other personal information.

Preventing Fraud

It’s been over six months since I last blogged about fraud risk in small businesses and nonprofits. Tax season and the new tax law must have distracted me. But fraud has not stopped lurking, robbing organizations of their hard-earned funds.

In case you forgot, fraud is an illegal act involving deceit, concealment, or a violation of trust. Fraud doesn’t involve physical threats of violence or force. Fraud is committed to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.

Fraud is not unique to any one type of organization. The opportunity to commit fraud exists everywhere, including public and private businesses and nonprofits. Small businesses and nonprofits are even more susceptible to fraud because of typically lower levels of staffing and technology. Plus, the environment at nonprofits and small businesses espouses trust that could be exploited by people who are unscrupulous or experiencing extreme financial pressures.

First — recognize that fraud can happen. Second — implement an action plan to help prevent fraud from happening. How? Minimize the chances that fraud will happen at your organization with these three tips:

  • Separate Tasks – The most powerful weapon against fraud is separating tasks or duties that should not be performed by the same person, like separating expense approval and payment from the person who reconciles the bank account. Separating duties prevents one person from having too much control over financial activities so that she or he could take funds without detection.
  • Investigate Anomalies – Identify anomalies, or exceptions, from expected conditions or results. Is your cash flow within a normal expected range? Are your sales returns higher than usual? Investigate performance and results that fall outside the expected range and take action. Looking into unusual activity could draw attention to and end fraudulent activities. Even if no fraud has occurred, you can take corrective action as needed.
  • Independent Monitoring – Periodic independent monitoring by a knowledgeable party is another way to safeguard financial assets. Methods include supervisor reviews, periodic audits and effective governance. Exception reports or anomalies should ideally be investigated by someone who is independent of the original activity. Nonprofits with limited staff can involve the Board Treasurer in the monitoring process.

Important steps for preventing fraud are to recognize that fraud can happen and to implement an action plan to mitigate the risk of loss. Powerful weapons like separating tasks, investigating anomalies and independent monitoring all reduce the risk of losing money, property, services or reputation. Trust is great; implementing fraud prevention tips is priceless.

Award or Cyber Threat?

I don’t generally believe in coincidences, but one sure happened to me last week. On the very same day that I was talking to a colleague about how obvious phishing e-mails can be, I received a cleverly-disguised phishing message that was very tempting…at first.

Many scam e-mails come from someone you know who has been hacked. A message is sent to everyone in that person’s contacts. It contains a link and urges recipients to click on it to see something amazing. Clicking on that link infects your computer with malware or ransomware.

Another version is phishing for your banking and other financial information by masquerading as a bank that has an incoming wire transfer for your account. All you need to do is approve the transfer by clicking on a link that similarly infects or compromises your computer and your data.

My tempting phishing message was cleverly planned just for me (aren’t I special?). It did not come through my regular e-mail; it was sent as a Request for Service on my business website. The title was “Nominated for Best Business Award” and said I had been nominated for Best Consulting Business in Arlington, Virginia, where my business is located. All I needed to do was to click on the link. The message even contained a password I was to use to access the link.

How cool is it to be nominated for an award? Who could resist learning more? I knew of the Arlington Best Business Awards, sponsored by the Arlington Chamber of Commerce, and Arlington’s Best Business Awards, sponsored by Arlington Magazine. I was super excited to be nominated!

But not too excited to stop and make a few observations. For example, the message came from a third party that I did not recognize. The award category was not familiar, based on my attendance at award recognition events in the last few years. Then, I vaguely remembered that the 2018 Chamber and Arlington Magazine awards were already celebrated earlier in the year.

It was a scam! After a little detective work on the internet, I was sure that I was not nominated for an award and that I was targeted for a cyber threat. I searched the name on the e-mail extension and found that it led to a website that my computer’s security wouldn’t let me access because the site was infected. I looked at Arlington Magazine’s and Arlington Chamber’s websites and found that not only had the 2018 awards been bestowed, there was no category for Best Consulting Business.

I felt very lucky that I resisted temptation to click on that link, even if it meant that I was not nominated for an award. At work or at home, your confidential information is at risk. Spending money and time on computer security protection won’t do any good if you or someone who works with you clicks on a cyber threat disguised as an award, a funds transfer, or something amazing to see.