Tax Phishing Scams

TAX Season is Here! Along with the Tax Phishing Scams!

 Tax Season Always Leads to Tax Phishing Scams, Here is What You Need to Know

Most people in the United States are eager to receive their well-deserved tax refund during tax season, but do you know enough to avoid the growing number of tax phishing scams?

First off, you must understand what tax phishing scams and cyber attacks are and how they work. Phishing is a scam typically carried out through unsolicited email and/or websites that pose as legitimate sites (the IRS, for example) and lure unsuspecting victims into providing personal and financial information.

How can I avoid Tax Phishing Scams?

1. Do not click on the e-mail

2. Delete the e-mail / move to spam folder or block the sender – The IRS doesn’t initiate contact with taxpayers by email, text messages or social media to request personal or financial information. This includes requests for PIN numbers, passwords, or similar access information for credit cards, banks or financial accounts.

3. Don’t Reply

4. Phone Calls – if you receive IRS phone calls, make sure you call 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate request.

5. Report – report all incidents to TIGTA and to the IRS at [email protected] (Subject: ‘IRS Scam’)

In closing, here are some remaining tips on how to spot additional phishing attacks:

Phishing scams are a threat to consumers in general, so keep an eye out for attacks unrelated to the IRS. Be suspicious of emails stating that you will lose something—such as your bank account or email account—if you don’t respond or click on the stated link immediately. Signs of phishing schemes that imitate well-known businesses can include:

  • Generic email salutations, such as “Dear valued customer,” instead of your name.
  • Poor grammar or spelling errors.
  • Conflicting web addresses: Place your mouse over the link to see if the URL matches the typed web address in the message. If it doesn’t, it’s likely a scam. Avoid clicking the link.
  • Web addresses that resemble those of prominent businesses, but are slightly different.
    • For example, the URL of a spoof site mimicking PayPal.com may begin with “http” instead of “https.”
    • Or the web address may be something like “secure-paypal.com” instead of PayPal’s actual URL.

If you have any questions, please comment below. Thank you!


How is your Website’s Health and is it Secure?

 How Can I Tell If My Website is Healthy & Secure?

Your website might be designed well, but does it work well from a technical point of view?

First, ask yourself the following questions:

  • Is my Website secure?
  • How is my Website’s Health-score?
  • Is my SSL Certificate installed properly?
  • How’s my site speed? (fast loading website)
  • How’s my back-link counter?
  • Is my Website Mobile Friendly?
  • Do I have any HTML Errors?
  • Do I have any “Broken” Links?
  • Is my Website formatted for SEO?
  • Etc.

If you were unsure about any of the above, I will be providing some tools in this blog that may help!

 

1. HTTPS

If your web page requires entry of personal or private information, check to see if the URL in the address bar of your internet browser starts with “https://”. The letter S is very important, since it signifies that the website is using Hypertext Transfer Protocol Secure (HTTPS), a communications protocol for secure communication. If not, you should have this configured asap.

2. Website Privacy Policy

A website’s privacy policy contains very useful information on how data is collected from your website, how it’s used, and what security measures the business will take to make sure your private data is safe. If a website is lacking a proper privacy policy, you may want to consider implementing one.

3. Contact Information

Up-to-date contact information is another factor that helps determine if a site is secure. A site owner concerned about security will have, at the very least, a valid email address where any identified issues can be addressed. Ideally, the site will also include email, social media, telephone, and possibly a physical address. So, please be sure to have an updated “Contact Me or Us” section.

4. Health Score

There are many more details behind your health score. You will need third-party software or a vendor to provide an actual Health Score Analysis.

The health score can provide very helpful information to ensure your website is operating at its best. Check out the sample dashboard below.

[Image: Website Health Score sample dashboard]

5. Site Speed Test

Here is a tool to test your Website’s “site-speed” – Pingdom Website Speed Test

6. Mobile-Friendly Test

In a few seconds, you can type in a URL and find if the page has a mobile-friendly design. This is increasingly important based on the number of people who browse using mobile devices. Statistics show mobile devices actually surpassed desktop usage for the first time ever in 2016.

A green “Awesome” means your site is mobile-friendly; a red “Not mobile-friendly” means that you’ve got some work to do (check it out) – Google Webmaster Tool

7. Response Headers

Caching and other response headers can be confusing. REDbot will look at your server response headers, explain what each one means, and let you know if it finds any problems or inconsistencies.

8. HTTP Compression Test

Enabling compression on your website allows your content to download more quickly. Check to see if you have Gzip compression enabled. Doing so can reduce your bandwidth significantly – Gzip
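
The HTTPS, response-header and compression checks described in items 1, 7 and 8 can be run against a captured response. This Python sketch is an added example, not part of the original post and not REDbot's own logic; the specific checks, finding names and sample headers are assumptions chosen for illustration.

```python
import gzip

def gzip_saving_percent(body):
    """Percentage of bytes saved by gzip-compressing the response body."""
    if not body:
        return 0
    return 100 - 100 * len(gzip.compress(body)) // len(body)

def audit_response(url, headers):
    """Return a list of findings for one captured HTTP response."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("not-https")
    if "gzip" not in h.get("content-encoding", ""):
        findings.append("no-gzip")
    elif "accept-encoding" not in h.get("vary", ""):
        # Caches need Vary to keep compressed and plain copies apart.
        findings.append("gzip-without-vary")
    cache_control = h.get("cache-control", "")
    if not cache_control and "expires" not in h:
        findings.append("no-caching-headers")
    if "no-store" in cache_control and "max-age" in cache_control:
        # Contradictory: "never store" together with "fresh for N seconds".
        findings.append("conflicting-cache-control")
    return findings

# Constructed sample data, not captured from a real site.
SAMPLE_BODY = b"<li>menu item</li>\n" * 400
WEAK_HEADERS = {"Content-Type": "text/html",
                "Cache-Control": "no-store, max-age=3600"}
GOOD_HEADERS = {"Content-Encoding": "gzip", "Vary": "Accept-Encoding",
                "Cache-Control": "max-age=3600"}
```

For repetitive markup like `SAMPLE_BODY`, `gzip_saving_percent` shows why the missing `Content-Encoding` header matters: nearly all of the bytes are saved.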

In closing, be aware a healthy website will take continued maintenance throughout its lifetime. You must learn about the new features / tools as they’re released and implement accordingly. If you have any questions regarding your website, please feel free to comment below!

Thank you.


Human Error: Understand the IT Threat

With over 90% of all cyber security breaches due to human error, it’s safe to say that mistakes in the workplace are more than costly. So what mishaps are your end users making, and what exactly are the repercussions to your organization? 

 

Many successful security attacks come from external attackers who prey on human weakness, waiting patiently for employees to be lured into providing access to sensitive information. These human errors can be incredibly costly, especially since the insiders involved have access to a host of sensitive data.

Among the greatest impacts of a successful security breach are the exposure of this kind of information, the loss of intellectual property and malware infection.

The Threat of Human Error

 

One of the most common mistakes made by employees is sending sensitive documents to unintended recipients. This is relatively easy to address by deploying security controls that monitor for sensitive information leaving your organization.

These controls were once considered complex to deploy, but have now been made considerably easier to implement by vendors in recent years. This has dramatically reduced the level of user involvement required and increased the use of such controls.

These tools can also:

  • Prevent users from engaging in inappropriate behavior
  • Eliminate sending documents home via email, placing them on file-sharing sites or removable media such as USB sticks

The growing culture of bring-your-own-device (BYOD) raises additional major concerns, especially the risk of lost or stolen mobile devices. Again, technology vendors are available to help companies control what happens to data stored on such devices, even allowing sensitive data to be remotely wiped so that it doesn’t fall into the wrong hands.

Even the most trusted and highly skilled employees run major risks of human error. System and network administrators are commonly guilty of incorrect system configurations, poor patch management practices and the use of default names and passwords. There are numerous security controls that organizations can explore to guard against these types of threats.


THE SEVEN PITFALLS OF CYBER SECURITY

Based directly on IBM / Ponemon research, the following represent the top seven cyber security pitfalls that are opening US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event.

1. INCONSISTENCY IN ENFORCING SECURITY POLICIES

A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half (43%) enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

2. NEGLIGENCE IN THE APPROACH TO USER SECURITY AWARENESS TRAINING

Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee on-boarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.

3. SHORTSIGHTEDNESS IN THE APPLICATION OF CYBER SECURITY TECHNOLOGIES

Six of the nine most typical cyber security technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems).

4. COMPLACENCY AROUND VULNERABILITY REPORTING

Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

5. INFLEXIBILITY IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH

Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started considering new technology, while 14% purposefully did nothing.

6. STAGNATION IN APPLICATION OF KEY PREVENTION TECHNIQUES

Only a minority of respondents had implemented all of the key prevention techniques. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application whitelisting was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

7. LETHARGY AROUND DETECTION AND RESPONSE

Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, in the 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing.

The survey shows that:

  • Detection times have grown for 40%
  • Response times have grown for 44%
  • Resolution times have grown for 46%

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications? In the “2016 Cost of Data Breach Study: Global Analysis,” IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition.

| | SMB | Enterprise |
|---|---|---|
| Average number of records held | 482 | 5,946 |
| Average cost per lost / stolen records (IBM/Ponemon statistics) | $158 | $939,444 |
| Average number of breaches suffered in 12 months | 0.32 | 1.05 |
| Typical yearly cost of data breaches to a generic SMB/Enterprise | $24,465 | $983,139 |

In closing, cyber security should not be taken lightly. Companies should invest in their IT infrastructure while setting strict cyber security test dates. User training can also go a long way, seeing how “human error” causes the majority of cyber breaches. If you have any questions, please feel free to contact us 24/7/365.
