Tag Archive for: Scams

IRS warns of ongoing twists on phishing scams

/in


The Internal Revenue Service and its partners in the Security Summit are warning tax professionals against a new variation on an old scam in which fraudsters use pandemic-related themes in their phishing attempts to steal client data.

The Security Summit noted that, with so many people working remotely, fraudsters will pose as clients or potential clients trying to get in touch with a tax pro digitally — whether through emails or text messages — and then try to trick them into clicking on links or opening attachments that infect their computer systems.

“Identity thieves have been relentless in exploiting the pandemic and the resulting economic pain to trick taxpayers and tax professionals to disclose sensitive information,” said IRS Commissioner Chuck Rettig in a statement. “Fighting back against phishing scams requires constant vigilance, and we urge tax pros to take some basic steps to help protect their clients and themselves.”

Whether they’re phishing emails or “smishing” texts or instant messages, the fraudulent messages will usually appear to come from a known and trusted sender — a client, a colleague, a bank or even sometimes the IRS itself — and aim to project a sense of urgency to encourage the tax pro to act quickly and without taking basic precautions.

That said, in a recent version of the scam that the IRS described as “reoccurring and very successful,” the fraudsters engaged with their targets over a period of time, exchanging a number of emails with the tax professionals before finally sending them an attachment that they claimed was their tax information, but which actually downloaded malware onto the tax pro’s computer when they opened it.

Since the large amounts of valuable client data that tax professionals handle make them a natural target for scammers, the IRS strongly recommends that practitioners at least take the following steps to start protecting themselves and their clients:

  • Using two- or multifactor authentication;
  • Keeping antivirus software updated;
  • Using drive encryption; and,
  • Regularly backing up files.

For more, see the IRS’s Publication 4557, “Safeguarding Taxpayer Data.”

Source…

Attorney General Todd Rokita warns Hoosiers of new ‘unsubscribe’ scams – WBIW

/in


INDIANA – Even typically savvy consumers are falling victim to a new scam in which they are emailed that they must unsubscribe from free-trial services in order to avoid charges on credit card accounts, Attorney General Todd Rokita warned today.

The new scam is distinctive from others because the email instructs recipients to phone a call center for more information rather than providing links in the text of the message itself. (In some variations of this scam, the fraudsters may phone consumers rather than email them and leave callback numbers.)

Operators at the call center direct callers to a fake company website and lead them through a series of online steps that install dangerous malware onto the victims’ computer systems.

Todd Rokita

“Scammers are constantly becoming more clever and cunning in their tactics,” Attorney General Rokita said. “Our office is committed to making sure Hoosiers are aware and prepared to avoid these kinds of traps.”

Victims are less likely to suspect scams when they are the ones taking the initiative to gather more information, Attorney General Rokita said — such as having to phone a call center.

Further, email messages that contain malware links are often detected by computer security applications. The attackers in this case avoid such detection by leading victims to those links over the phone.

During the conversations, the scammers may ask callers to download a spreadsheet and follow other instructions. When callers say they do not recall ever signing up for any free trial offers, operators often explain that it appears someone else signed up for the offers using the callers’ information.

“The paradox is that these scammers pretend to be helping protect their victims,” Attorney General Rokita said. “In reality, they are preying upon them.”

At the end of the calls, the operators assure callers that nothing will be charged to their credit card accounts. By that time, the unsuspecting victims already have downloaded malware onto their computers that may enable the scammers to remotely control the victims’ computer systems or install ransomware.

Anyone receiving emails such as those described…

Source…

Apple’s tightly controlled App Store is teeming with scams – The Washington Post

/in



Apple’s tightly controlled App Store is teeming with scams  The Washington Post

Source…

Threat Actors Continue to Use Google Alerts to Spread Malware and Scams / Digital Information World

/in


Google Alerts can be a great way to stay up to date with the world around you because of the fact that this is the sort of feature that could potentially end up getting you the specific news that you need as soon as it breaks out in the world. However, it is important to note that in a lot of situations Google Alerts tend to be hijacked by various malicious actors so that they can spread malware or potentially end up making people fall for various scams and the like as well.

This trend has actually started to increase in recent time, and even if you sort your Google Alerts so that you only get the highest quality ones threat actors can still find a way to work around this. At this point you might be wondering how they manage to trick Google, and basically the answer to this question is that they use cloaking which is a form of SEO that makes them seem legitimate even though they’re in no way so.

Users should be careful while checking out various Google alerts that they are receiving lest they end up in a situation where they get infected with malware or end up falling for a scam that can cost them a lot of money. This is the kind of thing that really tends to be underreported as well, so it is up to Google to try and make sure that all of its users can stay as safe as possible. The sinister thing about this is that most users can’t even tell if a site is malicious before they go to it, and at that point it will be far too late to prevent the worst from happening.

H/T: BC.

Read next: Google Moved Its Page Experience Update Launch from May to Mid-June

Source…