identity theft Archives -

TAX Season is Here! Along with the Tax Phishing Scams!

Tax Season Always Leads to Tax Phishing Scams, Here is What You Need to Know

Most of the United States are very eager to receive their well deserved tax return during tax season, although are you educated enough to avoid the dangerously growing tax phishing scams?

First off, you must understand what and how tax phishing scams & cyber attacks work. Phishing is a scam typically carried out through unsolicited email and/or websites that pose as legitimate sites (IRS, for example) and lure unsuspecting victims to provide personal and financial information.

How can I avoid Tax Phishing Scams?

Do not click on the e-mail

Tax Season Phishing

2. Delete the e-mail / move to spam folder or block the sender – The IRS doesn’t initiate contact with taxpayers by email, text messages or social media to request personal or financial information. This includes requests for PIN numbers, passwords, or similar access information for credit cards, banks or financial accounts.

3. Don’t Reply

4. Phone Calls – if you receive IRS phone calls, make sure you call 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate request.

5. Report – report all incidents to TIGTA and to the IRS at [email protected] (Subject: ‘IRS Scam’)

In closing, here are some remaining tips on how to spot additional phishing attacks:

Phishing scams are a threat to consumers in general, so keep an eye out for attacks unrelated to the IRS. Be suspicious of emails stating that you will lose something—such as your bank account or email account—if you don’t respond or click on the stated link immediately. Signs of phishing schemes that imitate well-known businesses can contain:

Generic email salutations, such as “Dear valued customer,” instead of your name.
Poor grammar or spelling errors.
Conflicting web addresses: Place your mouse over the link to see if the URL matches the typed web address in the message. If it doesn’t, it’s likely a scam. Avoid clicking the link.
Web addresses that resemble those of prominent businesses, but are slightly different.
- For example, the URL of a spoof site mimicking PayPal.com may begin with “http” instead of “https.”
- Or the web address may be something like “secure-paypal.com” instead of PayPal’s actual URL.

If you have any questions, please comment below. Thank you!

Rhode Island Identity Theft Protection Act – Do You Comply?

August 19, 2016

Cyber Security Services, Data Security, IT Security Services, Network Security Services, Rhode Island Security Matters, Security Best Practices for Businesses

What are Identity Fraud and Identity Theft?

According to the Federal Bureau of Investigation’s (FBI) Financial Crimes Report, the crime of criminal identity fraud is the involvement of the “…misuse of another individual’s personal identifying information for fraudulent purposes”.

The severity of criminal identity fraud ranges. The Rhode Island Identity Theft Protection Act is focused on serious acts of identity theft. Such acts include obtaining another individual’s personal information with the intent to compromise his or her assets. All are illegal, whether it is locally, stately, or federally.

A 2006 survey conducted by the Federal Trade Commission (FTC) stated that 255,565 Americans were victims of some type of identity fraud or theft in 2005. This figure accounts for 37% of all criminal fraud crimes reported – a staggering number of victims for the year 2005. Here we are 10+ years later, and the situation has not improved.

The Rhode Island Identity Theft Protection Act

The State of Rhode Island and the Providence Plantations recently amended the Rhode Island Identity Theft Protection Act. The changes became effective on June 26, 2016. Data security measures and breach notification laws have now changed. View the document here.

Here are a few of the highlights:

Rhode Island Attorney General and major credit reporting agencies must be notified of any breaches affecting 500+ residents
Businesses must destroy secure information of clients. Secure information can only be kept for the duration of the services provided.
Protecting personal information of Rhode Island residents is a requirement that requires maintained policies and procedures.
“Personal information” now includes all of the following: social security number; driver’s license number or state/tribal identification number; bank account numbers; credit or debit card numbers; medical or health insurance information; email addresses provided with passwords that allow access to personal information
Data must now be encrypted in, “a form in which there is a low probability of assigning meaning without use of a confidential process or key.”

Federal Law

Title 18: Part I – Chapter 47, Section 1028b of the United States Sentencing Commission’s Identity Theft Report, states that the sentencing guidelines for one count of the crime of identity fraud are a fine which depends on the severity of the crime and/or imprisonment for a maximum of one, three, or five years depending on the particular circumstances of the offense.

The punishments were made more severe in 1998 with the implementation of the Identity Theft and Assumption Deterrence Act. This legislation made the crime of identity theft punishable by a maximum $250,000 fine and/or a maximum of 15 years in federal prison, per count.

Final Thoughts

The expansion of the Rhode Island Identity Theft Protection Act is important for all Rhode Island businesses. Are you compliant with the new regulations? If not, then your business could face some serious penalties. Consult a reputable and local IT security company to go over your policies and practices. A simple audit could help save your business thousands of dollars of penalties.