When Identity Thieves Hack Your Accountant

Credit to Author: BrianKrebs| Date: Wed, 11 Apr 2018 18:11:26 +0000

The Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers. This is the story of a CPA in New Jersey whose compromise by malware led to identity theft and phony tax refund requests filed on behalf of his clients.

Read more

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Credit to Author: BrianKrebs| Date: Mon, 19 Feb 2018 14:44:49 +0000

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.” In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency. This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time.

Read more

File Your Taxes Before Scammers Do It For You

Credit to Author: BrianKrebs| Date: Mon, 29 Jan 2018 14:44:23 +0000

Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day that fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can! Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

Read more

Registered at SSA.GOV? Good for You, But Keep Your Guard Up

Credit to Author: BrianKrebs| Date: Fri, 26 Jan 2018 19:43:29 +0000

KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration (SSA) — even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in peoples’ names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone. In mid-December 2017 this author heard from Ed Eckenstein, a longtime reader in Oklahoma whose wife Ruth had just received a snail mail letter from the SSA about successfully applying to withdraw benefits. The letter confirmed she’d requested a one-time transfer of more than $11,000 from her SSA account. The couple said they were perplexed because both previously had taken my advice and registered accounts with MySocialSecurity, even though Ruth had not yet chosen to start receiving SSA benefits.

Read more

Name+DOB+SSN=FAFSA Data Gold Mine

Credit to Author: BrianKrebs| Date: Fri, 24 Nov 2017 12:55:03 +0000

KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.

Read more

Fear Not: You, Too, Are a Cybercrime Victim!

Credit to Author: BrianKrebs| Date: Wed, 04 Oct 2017 04:34:50 +0000

Maybe you’ve been feeling left out because you weren’t among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. Yahoo! announced that, our bad!: It wasn’t just one billion users who had their account information filched in its record-breaking 2013 data breach. It was more like three billion (read: all) users. Meanwhile, big three credit bureau Equifax added 2.5 million more victims to its roster of 143 million Americans who had their Social Security numbers and other personal data filched in a breach earlier this year. At the same time, Equifax’s erstwhile CEO informed Congress that the breach was the result of even more bone-headed security than was first disclosed. To those still feeling left out by either company after this spate of news, I have only one thing to say (although I feel a bit like a broken record in repeating this): Assume you’re compromised, and take steps accordingly.

Read more

A week in security (September 18 – September 24)

Credit to Author: Malwarebytes Labs| Date: Mon, 25 Sep 2017 16:24:17 +0000

A compilation of notable security news and blog posts from the 18th of September to the 24th of September. Read all about the CCleaner supply chain attack and a lot of other security news.

Categories:

Tags:

(Read more…)

The post A week in security (September 18 – September 24) appeared first on Malwarebytes Labs.

Read more

Fake IRS notice delivers customized spying tool

Credit to Author: Jérôme Segura| Date: Thu, 21 Sep 2017 15:00:24 +0000

Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT).

Categories:

Tags:

(Read more…)

The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.

Read more

Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

Credit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:11:27 +0000

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump. A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Read more

Phishing 101 at the School of Hard Knocks

Credit to Author: BrianKrebs| Date: Fri, 24 Mar 2017 16:03:21 +0000

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.

Read more