WARNING: They Will Not Contact You
Microsoft, Apple or anybody else WILL NOT contact you directly by phone, email or popup on your screen, to tell you about a possible problem with your device. THIS IS A SCAM! Do not allow anybody to remotely access your device for a "free" scan or "discount" fix no matter how serious they make it sound. Just hang up, close the message or close the popup. When in doubt call us for more information, but please, don't fall for this scareware scam! For related details see Common Online Scams below.
'Tis The Season, For Tax Scams
Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.
The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
Many taxpayers have encountered individuals impersonating IRS officials – in person, over the telephone and via email. Don’t get scammed.
The IRS initiates most contacts through regular mail delivered by the United States Postal Service.
However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment.
Even then, taxpayers will generally first receive several letters (called “notices”) from the IRS in the mail.
Note that the IRS does not:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
- Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe.
- Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business licenses, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.
What To Do Right Away
- Call the companies where you know fraud occurred.
- Place a fraud alert on your credit reports and get copies of your report.
- Report identity theft to the FTC.
- File a report with your local police department.
- Use at least 10 characters; 12 is ideal for most home users.
- Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
- If you write down a password, keep it locked up, out of plain sight.
Common Online Scams
- You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
- You may get “alerts” about “malicious software” or “illegal pornography on your computer;”
- You may be invited to download free software for a security scan or to improve your system;
- You could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
- You may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.
The Small Business Guide to Corporate Account Takeover
What is Corporate Account Takeover (CATO)?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Corporate account takeover is a growing threat for small businesses. Since 2011, seventy two percent of data breach cases affected businesses with 100 employees or less1. It is important that businesses understand and prepare for this risk.
Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court, the Better Business Bureau, or even the IRS. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement.