April is here, and besides the burst of springtime flowers and occasional showers, there’s another cloud looming on the horizon for many: Tax Day. As we hustle and bustle to get our financial ducks in a row before April 15th, it’s important to remember that tax season is also open season for cyber threats.
Imagine this: you’re sitting at your computer, sipping your morning coffee, when an email pings into your inbox. It’s from the IRS! Or, at least, it seems to be. The logo looks right, and the language is pretty official. But hold on. Is the IRS really emailing you about a “tax refund error”? Spoiler: they’re not. This is a classic example of a phishing attempt.
Phishing, for those unfamiliar with the term (or perhaps more acquainted with the hobby involving a rod and reel), is when scam artists try to trick you into providing sensitive information. In the tech world, this typically happens over email, but it can also occur via phone calls or text messages.
In tax season, these scams skyrocket. The bait? Emails masquerading as official communications, promising refunds, or threatening audits. The objective? To get you to click on a malicious link or download an infected attachment.
But fear not, fellow taxpayers! Here’s how you can tread these treacherous waters safely:
Don’t Trust, Always Verify: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill, refund, or economic impact payment. If in doubt, don’t click on anything. Instead, go directly to the IRS website or contact them by phone.
Use Secure Connections: If you’re working with digital tax documents, make sure your internet connection is secure. That quaint coffee shop with free Wi-Fi might be tempting, but unsecured networks can expose your data to prying eyes.
Backup and Store Safely: Once you’ve filed your taxes, ensure you have digital copies stored safely. Using an encrypted USB drive or a secure cloud storage solution is a good idea.
Embrace Multi-Factor Authentication: If your online tax platform offers it, enable multi-factor authentication. This adds an additional layer of security, requiring you to confirm your identity through two or more verification methods.
Update Regularly: Ensure your computer, browser, and any tax software you use are up-to-date. Cybersecurity patches are released for a reason!
But let’s end on a lighter note. Yes, tax season can be stressful, both for our wallets and our digital peace of mind. However, think of it this way: while you’re safeguarding your finances from both the taxman and cyber scammers, you’re also gaining invaluable skills to protect your digital self year-round. It’s like spring cleaning for your cyber home!
And, if all else fails, just remember: only a few more weeks until you can put all this tax business behind you. Then it’s back to regular programming, like deciphering those cryptic error messages Windows loves to throw our way.
It’s that time of year again. Holiday shopping is in full-swing. Americans are buying more and more from online vendors and shipping companies are working feverishly to keep up with demand.
And, of course, the bad guys are looming, seeking an opportunity to upset the holiday season.
Due to the increasing popularity of online shopping, shipping scams are more common than ever. Given the battle over expedient shipping, there’s no wonder that cybercriminals have developed sophisticated, and timely, methods of stealing from you.
During the holiday season, one of the most common shipping scams is nothing new, and, certainly not a sophisticated cyberattack. Commonly referred to as porch pirates, those who steal packages from the exterior of homes are rampant. In fact, recent statistics reveal that 25 million Americans were victims of porch pirates in 2018.
So, what can you do?
During the checkout process, select “signature required” in the shipping details. In doing so, you will force the shipping service to get a physical signature. The process is a bit tedious by today’s standards; however, not only will you safely collect your items, but, you’ll ensure that the items aren’t carelessly tossed onto your property in haste. Not all online vendors provide this option, so, don’t be surprised if it’s not present during the checkout process.
Secondly, if you live near a package collection service, you can use those providers. A package collection service will provide you with a physical street address – an employee will collect the packages and store for you. The service is similar to USPS post office boxes; however, many commercial carriers will not deliver to a post office box, and, these services are a good substitute for home delivery.
Next, ponder the porch pirate’s methods. They steal based on opportunity and relative ease of access to the goods. If you remove the easy access, the thief will likely pass your home. Many companies sell protective bags or boxes that are secured to your front door or other physical structure. When ordering, in the “other instructions” box for shipping, indicate that the package should be placed in the protective device and locked. While it’s true that a thief could steal the protective device, remember these are typically quick-action efforts. Porch pirates usually drive through a neighborhood and dash to and from a porch – they don’t carry tools; therefore, they aren’t prepared to fight with a locked bag or box.
Similarly, review your delivery area at your home. If you have hedges or other landscaping that will provide a blind for your packages, instruct the online vendor to place the packages behind those obstructions.
A few high-tech tools are available that could prevent, or, minimally, detect package theft. Amazon provides a locker service in some areas. The locker service is similar to the package collection providers, except, you have a key to your shipping locker, which is housed in a large building. Various video doorbell systems and motion alarms could assist with preventing the bad guys – when they work correctly. I use a combination of alarm and video products. Unfortunately, they’ve not always worked to scare away the thieves. However, I receive a text when activity occurs, so, if time permits, I can drop by and move the packages inside the house.
And, of course, the true online scammers use the holiday season as ripe opportunity to flood your inbox with phishing messages.
Shipping-themed phishing messages always increase during the holiday season. Complicating the matter, shipping companies rely heavily on email or text notification in today’s vibrant shipping environment. Therefore, it’s often a challenge to detect which messages are bad.
Whether you, or your business, use UPS, FedEx, DHL, or the USPS, it’s important to understand exactly what a legitimate delivery message looks like from those vendors.
The intent of the phishing messages is to steal. Specifically, the cybercriminals are trying to steal credentials (usernames and passwords), financial information (logins, account numbers), and spread malware which could lead to system ransom, downtime, and other undesirable outcomes.
How do the would-be bad guys design shipping scam messages?
Common techniques include: phony tracking numbers, undeliverable package notice, additional postage request, invalid mailing address, or attaching files to messages that claim to be claims forms or other shipping documents.
So, what do you do if you receive one of these messages and you know you have packages, but, are concerned about the possibility of malicious messages?
One of the most common phishing attempts is delivery of a fake tracking number. There are two ways to avoid this scam. First, if you are expecting a package, simply visit the online vendor’s website, view your account information and check the shipping information there. Secondly, if your vendor only lists the tracking information, but no detail, copy the tracking number from the vendor site and visit the shipping provider. As an example, UPS provides a very quick and accurate webpage for checking on the status of packages. I simply copy and paste the tracking numbers into the UPS website and get updates immediately. Clicking on links in email messages isn’t a good idea, so, taking a couple extra steps and being cautious will avoid malicious efforts, and, possibly provide more detailed shipping information.
Don’t trust links sent to your mobile device as texts – just because you think no one has your mobile number, doesn’t mean that’s accurate. Links within text messages can present an abundance of opportunity for poor outcome. Visit the online seller and check the status there.
As for the other common shipping scams, the same instructions will work. Visit the online vendor’s website to check on all delivery issues. It’s very unlikely that you will receive an email indicating that additional postage is needed. And, email delivery of invoices as attachments is common for business purchases, but rather inconvenient and unusual for consumer purchases – just avoid opening those attachments completely.
And lastly, a perfect way to avoid all of these online scams and shipping concerns is to shop local – support your local business community.
For the second week of National Cyber Security Awareness Month, I’ll discuss the idea of “Secure IT”.
The would-be bad guys are accomplished at relieving unsuspecting victims of their personal information. The tools for a successful cyber theft have evolved significantly. In fact, the tools are easy-to-install and require little knowledge. And, if you’re a very lazy hacker, “hackers-for-hire” is a real service.
So, what do you do to protect your interests?
“Secure IT”, more specifically, secure your IT, your devices, your services, your gear.
The best way to protect against cyber threat is to be knowledgeable about the products that you use. Specifically, review the security features available on your hardware, software and services.
Fabella Security 
You must be logged in to post a comment.