IRS Disables e-File PIN After Recent Suspicious Activity Found

As of June 24, 2016, the Internal Revenue Service (IRS) has disabled the e-File PIN as suspicious activity was recently detected.1, 2

This is not the first time in recent months that the IRS has disabled the e-File PIN as the result of suspicious activity.3

As of January 2016, the IRS detected an automated attack against its e-File PIN application.4

The January 2016, e-File PIN attack involved hackers collecting personal information from other sources and then using the Social Security Numbers of those people to generate e-File PINs.5

According to the IRS, approximately 464,000 Social Security Numbers were involved and the hackers successfully generated e-File PINs for 101,000 Social Security Numbers.6

The IRS had already been considering scrapping the e-File PIN application at some time in 2016, but the integration of a number of commercial tax applications with e-File PIN led to the IRS choosing not to do away with it after the first reported attack against the application earlier this year.7

How Can You Protect Yourself?

One of the key findings in the IRS alert released on June 24, 2016, is that in the January 2016, attack, the criminals used information they obtained from other sources to attack the e-File PIN.8

Information that the hackers used included:

  • Names9
  • Addresses10
  • Filing Status11
  • Dates of Birth12
  • Social Security Numbers13

Ask yourself how many of the above things can be found about you online. Think about the information you share on websites like Facebook, LinkedIn, Twitter, and Instagram. If the above information is available on any of your online accounts then you are making it easier for hackers to use your information in attacks. Remember, hackers can obtain this information from other sources too. One non-cyber way hackers can collect information to use in a follow-on cyber attack is impersonating the IRS during phone calls.14

Of course hackers can attempt to collect information about you through a variety of media including phone calls, text messages, emails, and faxes.15

Here are some extra tips on how to keep yourself safe.

  1. Limit the amount of information you provide to websites.
  2. When you provide personal information to websites make sure you are on an encrypted connection.
  3. Do not do any sensitive work (filing your taxes, accessing your bank account, or paying for things online) on the same computer you do heavy web browsing.
  4. Regularly update your anti-virus.
  5. Regularly run full anti-virus scans of all of your systems (computers and phones).
  6. When a virus is found on your computer, immediately take appropriate security steps to secure all accounts that have been accessed from that computer and verify that the infection is properly removed from your computer.
  7. Keep the operating system on your computer completely updated.
  8. Keep programs on your computer like Java and Flash completely updated.
  9. Enable the firewall on your computer and make sure it is configured to block unauthorized inbound traffic.
  10. Never reply to unsolicited emails requesting sensitive information. If you receive an email requesting information contact the sender by phone or in person to confirm they sent the email and if they need the information they asked for arrange to provide the information in person or using encryption.

If you believe you are a victim of an IRS scam or are suspicious about a phone call, text message, email, fax, or letter in the mail requesting information claiming it is from the IRS report the incident with the IRS following the directions on their website. You should also notify your IT provider.

twitterredditlinkedinmailtwitterredditlinkedinmail

Little-known ways to get more out of Outlook

Microsoft Outlook is a little bit like cooking: everyone knows at least a little about it, and many people depend on it in their day-to-day lives. Most Outlook users only touch the tip of the iceberg when it comes to all the different things Outlook can do. So, without further ado, here are a few effort-saving Outlook tricks to have up your sleeve. (Note: these tips were written with Outlook 2013 in mind. Certain functions may be different in older Outlook versions.)

Keep track of your billable hours, phone calls, tasks, meetings, etc. with the Journal tool.

It’s hard to believe so few people know about or use this tool, since it’s so versatile. It even has a built-in timer so that you’ll accurately know exactly how long that meeting took. (Your billing department is going to LOVE you.) To find it, select the Folders option on the taskbar at the bottom of the screen. In the navigation pane to the left of your inbox, select Journal. You can add a new entry by clicking on Journal Entry under the Home tab, and a dropdown box allows you to choose categories for phone calls, faxes, meetings, tasks, and others. You can add notes to yourself, details, you can color-code your entries, view them different ways…you get the idea. The Timer option (under the Journal Entry tab) will let you start or stop timekeeping for a task.

Create email templates and reusable text blocks without copy-and-pasting.

To create an email template: This is a good option if you need “form letters” of any kind. Write out the “master” version of the email (you don’t have to send it) and then, under the blue File tab, click Save As. In the Save as type bar, below the File name bar, click the dropdown arrow and select Outlook Template. Give it a descriptive title (e.g. “Sales Form Letter”) and save it. When you want to create a new message using the template, either double-click on the file you saved itself, or, under the Home tab, go to New Items > More Items > Choose Form…. Click the dropdown arrow for the Look In bar and select User Templates in File System. Your template should show up there.

To create reusable text blocks: This can save you time if you frequently use the same paragraphs, images, or links in your emails. Type the text you want to reuse into a new email message and highlight it with your cursor. Then, from the Insert tab, click Quick Parts and then Save Selection to Quick Part Gallery. Give the block a name (e.g. “Greeting,” “Disclaimer”). The next time you want to include the text block in your email, select the Quick Part you created from the Insert > Quick Parts menu.

twitterredditlinkedinmailtwitterredditlinkedinmail

Malvertising

Maybe you do everything right: you only go to websites you trust, you have updated antivirus and anti-malware programs, you use complex passwords, but you still deal with the occasional Internet annoyance, like pop-up or banner ads. Unavoidable and pesky, but part of the web-surfing territory, right? They’re annoying, but they don’t really get in your way. Why should you worry about them?

Even if you never click on them – I REPEAT – even if you don’t interact with them at all, they can infect your computer with malware – just by being displayed on your screen.

Here’s the problem.

You see, most websites innocently use ad services to create revenue – even websites you trust, like your favorite news site. The ad service will set up a certain number of ads in a rotation on the website. While many of the ads are harmless, sometimes an ad in the rotation will have invisible, malicious code embedded in it (without either the ad service or the website knowing about it). When your computer displays the ad, the evil, embedded code gets run on your computer, looks for any security “holes” it knows how to exploit, and downloads the right kind of malware for your particular vulnerability.

You won’t even know what hit you until, say, you find that your browser homepage has changed to a porn site or ransom page. And you were just trying to update your fantasy football league stats! Thankfully, there are some simple steps you can take which will greatly reduce your chances of falling prey to this type of attack.

Step 1: Update your web browser(s).

You’re probably reading this right now using an internet browser like Internet Explorer (or the new Microsoft Edge), Firefox, Safari, or Chrome. If you don’t know if you have the most current version of your browser, here are some directions for finding out. (It never hurts to double check!)

Step 2: Update your web browser plugins.

Javascript and Flash are the two biggest security concerns. Click here to check your version of Java and here to update Flash. You can also change your browser’s default plugin settings so your computer must “ask to activate” them. Disable unnecessary plugins entirely.

Step 3: Download good web browser protection programs.

If you’re using Firefox, Adblock Plus and NoScript are great browser extensions that will prevent most ads from displaying and will prevent a lot of “invisible” browser activity from happening. Malwarebytes also offers a good free version of its Anti-Exploit Kit (for personal use) that specifically defends against malvertising attacks.

twitterredditlinkedinmailtwitterredditlinkedinmail

Is being AWARE enough?

ncsam

October is National Cyber Security Awareness Month.  Now you are aware.

The question, however, that remains is “what does that mean to me?”  I’m glad you asked.  In 2014 companies such as Chase, Target, KMart, Home Depot, Neiman Marcus, and yes, even the hallowed Dairy Queen were all breached.  It is safe to say that warfare has evolved –  That is not to say that spears no longer work, however the reach of a computer with an Internet connection is much greater than anything we could have ever imagined.

But again, “what does that mean to me?”. With any weapon, comes responsibility – we are not going to teach you how to make your computer a threat – far from it – we want to show you how to be a little safer FROM those threats. The truth is, it is all the same things you have heard before – but let’s take a look at WHY these steps are important.

KEEP YOUR COMPUTER CURRENT

Most of the time, exploits are targeted at “weak” systems.  By keeping your operating system current, you are taking advantage of the diligence of the creator of those operating systems to make your computer safe.  There are always stories of “that update killed my computer” … and a lot of them are true.  Our advice is to update your computer on the first day of the month.  Almost nobody releases their updates during the last week of a month – this will give time for the bugs to be worked out.

USE A GOOD ANTI-VIRUS PRODUCT

Would you get a flu shot from your convenient store? How about an anti-biotic from a guy on Craigs List?  No?  Then don’t get a third-world free anti-virus product.  This is your first line of defense.  Consider it the cost of doing business.

BE CAREFUL WHERE YOU GO

Just like you wouldn’t walk down dark alleys with twenty dollar bills hanging out of your pockets yelling “I’m unarmed and wealthy ..”, don’t hang out in places that are prone to be frequented by hackers.  If you are given to adult sites and gambling, consider getting a throw-away computer for that activity.

DON’T LET YOURSELF BE USED

You wouldn’t let your computer be used by a stranger would you?  (please say “no”)  There are some programs in the wild called a RAT.  RAT means Remote Access Trojan; it is a program designed to let a stranger use your computer to perform whatever act that they would like.  RATS are considered malware and are the preferred weapon of ne’er-do-wells who would seek to do your harm.  It is important that you understand that a RAT is not a virus, and as a result MAY NOT BE DETECTED by your anti-virus.  Please make certain that you have an anti-malware product installed, or that your anti-virus software contains an anti-malware component.

WHEW!

So, now your protection is current, you are only going to pure and holy websites, and you refuse to participate in bad things.  Now what ?
The word of the day is INFORMED.  Remain informed from your trusted advisors as to new and unusual threats and how to deal with them.  We know that the tool at your hand can be your best friend – we just want to make certain that it isn’t your enemy’s best friend too. As always, consult with your local technical consultant.

twitterredditlinkedinmailtwitterredditlinkedinmail

Get off of my cloud!

Isn’t it amazing how our government, politicians and large companies push us into THEIR decisions for our future?  Wait a minute – did she say “large companies”?!  Yes, I did.  Technology is experiencing that very phenomenon through cloud computing.  By giving consumers and companies substantial savings, we can now use the cloud for almost everything technology.  Look, I get it, no one likes to spend $500 on a piece of software to own it outright when, for $15/month, one can use the cloud version.  It’s all about ROI (return on investment).  It would take, under this scenario, just under 3 years to make purchasing the software profitable, and by then, the current version will be obsolete.  Is there an inherent danger in having your company’s technology, processes or both, all in the cloud?  We all have heard about the infiltrations, hackers, malware, ransomware and viruses.  But here’s one to ponder which might not have received thought:

Has your internet ever gone down?  During business hours?
It’s frustrating when it happens, isn’t it?

What if all of your company’s technology functions were in the cloud (i.e. Internet)?  It would most likely bring your entire company to a grinding halt. Imagine ALL of your personnel sitting there (on your payroll) unable to work until the internet comes back up.  How long do you wait before you send them home for the day?  How much new and existing business would it cost you?

OK – what’s the solution?  “I can’t afford to keep buying my hardware and software when cloud solutions will save me so much money!”

The best answer is one of moderation.  We do believe that there are some instances where the “cloud” is the absolute best choice.  But it isn’t the ONLY  choice – and there are a myriad of options.  In this industry, there are a lot of people making a lot of money converting your world to their cloud.  But we would be remiss if we didn’t tell you about companies that put the needs of their business ahead of yours.  Like the difference between buying and leasing, there are factors to be considered; who really owns the data that you think is yours?  You may be unpleasantly surprised at the answer.

There is no single solution that fits everyone.  We encourage you to meet with your IT professional if you have questions about your specific network environment.

twitterredditlinkedinmailtwitterredditlinkedinmail

Microsoft Releases Patch for Internet Explorer vulnerability

Well, if you read my post from yesterday, I gave you a work-around to avoid the problems caused by the Internet Explorer (IE) Vulnerability when using Adobe Flash.

Today, in an unprecedented move, Microsoft not only released a patch for all versions of IE, they also issued a patch for Windows XP.  It is well-known that they said that there would be no more however, Microsoft contends that since this vulnerability existed long before the deadline for Windows XP, that an exception was in order.  I applaud them for that decision.

The security bulletin that announces the patch can be found here .

Otherwise, if you have Automatic Updates turned on, it will push for you.

SO – Remember – if you did perform the workaround, you should UNDO it after you apply the patch.

You can then return to watching flash-based content in Internet Explorer.

EVEN if you primarily use FireFox, or another browser, Internet Explorer may still be on your computer, and we DO recommend that you update it.

twitterredditlinkedinmailtwitterredditlinkedinmail

Internet Explorer Vulnerability?

I’m sure you have probably heard on the news, or been sent an email describing the terrors of the Internet Explorer vulnerability.  It is concerning when so many IT companies want to use scare tactics to get in the door of your company.  Yes, there is a concern – yes it is real.  But does it apply to you ?

Do you use FireFox, or Chrome, or Safari, or Opera ?  Then this doesn’t apply to you.  There are other issues which may be present with your chosen browser, but this one isn’t yours. You may safely stop reading and enjoy the rest of your day. However, some people *must* use Microsoft’s Internet Explorer as it is required by their software or their workplace.  What can you do ?

First of all you must know the conditions that must be met for this vulnerability to apply to you:

  • You must be using Internet Explorer
  • You must be viewing an animation that requires Adobe Flash

Not doing that ?  Then you need not worry.

You ARE doing that ?  Well, then we need to do something until Microsoft releases its patch to remedy the vulnerability.
The easiest thing to do is simply disable flash until it is fixed.  Now, you *can* install FireFox, Chrome, or another browser if you like, but you should be aware that they may not work with your software.

This isn’t difficult to do.

6 steps (not kidding) – if you have dual monitors, put these instructions up on one screen and do the steps on the other:

  • While in Internet Explorer
  • Click on Tools Menu item or Gear in the upper right hand corner of your screen
  • Choose Manage Add-Ons
  • Locate Shockwave Flash Object (Under Adobe Systems)
  • Highlight it
  • Click “Disable” in the lower right hand corner

How does this affect me while I wait for Microsoft to release the patch for this vulnerability?

You will not be able to view any animations which require Adobe Flash.  An example would be YouTube animations.

We fully expect Microsoft to release a solution by early next week.

twitterredditlinkedinmailtwitterredditlinkedinmail

Windows XP – Zero Day

Do you remember Y2K?  Do you remember when the magnetic poles of the earth shifted and all life ceased to exist?  People make some wild claims, but if you become informed and remain calm, then the challenges that change brings are not so bad.

So – here we have Windows XP.  What to do?  “ZERO DAY IS UPON US”, says the headlines of technical journals everywhere.  So where is the hype and what is the truth?  I’m glad you asked.

Zero day is real.  It is a date that Microsoft will no longer offer security updates of any kind (unless you have a contract with them) to Windows XP.  Why is that a big deal?  Because if there are no more security updates, then hackers will be able to find and exploit vulnerabilities without fear of being stopped by the next security update.  In a business environment, Windows XP is a two-edged sword; on one side, it was easy to develop software that interacted with XP and made it extensible and many people did

– on the other side, because of the way that Windows 7 differed from Windows XP, many programs would not run in the same way.

So, the real questions are :

  1. Do you have any programs that were specifically written for Windows XP that will not run in Windows 7 ?
  2. Do you run or keep confidential information on computers running Windows XP ?

If the answer to question number 1 is “no”, AND the question to number 2 is “yes”, then I will tell you without pause that it is in your best interest to upgrade your computers NOW.  The largest threat we are facing in the technological world right now is electronic theft.  Sometimes it is personal information, sometimes it is credit card information, but the new threat is information that has greater implications.  To steal corporate information that has trade secrets and to sell them to competitors, to steal legal or medical information that yields TONS of information that can be used to do all sorts of evil – these are the issues that concern us the most.

I understand wanting to save money – and I understand that people resist change.  I also understand that the reason we have vaccines is because someone figured out a way to stop certain diseases.  In this illustration, the “vaccine” of which I speak is the replacement of the old computer.  Let it go.  Back up your data (or better yet, keep your old hard drive), and get a new computer.  If you are afraid of the way that Windows 8 works, there are plenty of ways to make it look like Windows 7.

In the end, our advice is simple: upgrade your computers.  It simply isn’t worth the risk.  Will the magnetic poles of the earth shift if you don’t? Unlikely, but in the event it does, one would imagine that this will not be your largest concern.

twitterredditlinkedinmailtwitterredditlinkedinmail

Disaster Recovery?

It sounds alarmist – complicated – and you don’t need it for you and your company, right?

WRONG!!!!

The real value to your company is not the hardware – it is you, your hard work and your data.  Think about that.  How long (hours, days, weeks) can your company be out of business while you recover from an unwanted technological “event”.

Let’s talk about what Business Continuity/Disaster Planning and Recovery really means for your company’s technology.  Consider these real-life client scenarios
(names and companies have been omitted):

  • Your server’s hard drive melts (not kidding) – no one in your entire company can work with network files and no Business Continuity plan has been implemented.  Hard drive is unrecoverable – all company data is lost
  • Your Anti-Virus/Anti-Malware misses a new piece of Ransomware – your data is entirely encrypted unless you pay the ransom – or can restore from a valid backup created before infection.
  • You/ your dog/your cat/your child – spews an undefined substance on your laptop and fries internal components.  Guess what?  The warranty expired yesterday.

I think I’ve made the case for a sound Business Continuity and Disaster Recovery plan.  Want to hear even better news?  It’s not as expensive as you might think – and it is easily implemented.

We understand that most people want to stick their head in the sand, say someday I’ll look into it, someday do a test restore of their backups, someday automate their routine or, the most dangerous:

 It can’t happen to me

These things can and do occur – and we charge a lot more to recover the data than the prevention would have cost.

Have you ever been asked for your disaster recovery plan?  The foreboding name almost asks for a catastrophe. That is why we counsel our clients to not make one unless they absolutely have to.

WHAT?  That is crazy talk!

Bear with me.

The idea of operating a business is one that depends on many factors.  For most of us, the technology that we use is the lifeline of operations.  How much business could business do without the internet and their computers?  In today’s world, not too much.  When a disaster strikes, things often grind to a halt.  But when we concentrate on containment and rebuilding, we admit to ourselves that we are willing to accept the disaster.  On the other hand, what if we planned for something else?  What if our plan was business continuity?

Disaster Recovery vs Business Continuity.

EVENTDisaster Recovery (DR)Business Continuity (BC)
   
The server bursts into flames1) Extinguish Flames2) Get new server

 

3) Locate backups

4) Restore Operating System

5) Update to latest patches

6) Restore from backup

7) Expected downtime? Weeks

1) Extinguish Flames2) Spin up image of burned computer on BC computer

 

3) Continue Working

4) The IT department rebuilds while the company continues to operate

5) Expected downtime? 2 hours

   
The office bursts into flames1) Let the firemen do their jobs2) Find a new building

 

3) Buy new equipment

4) Locate your OFF_SITE backups (you have those, right?)

5) Start to restore your world

6) Expected downtime? Weeks, Months, NEVER ?

1) Let the firemen do their jobs2) Spin up the server images from the remote BC server

 

3) Go to a local store and buy a laptop

4) Attach to remote BC server and continue working

5) Expected downtime? 1 day.

Backups have been the bane of existence of IT people since devices started failing.

  • Tape drives are slow and notoriously unreliable.
  • Backup hard drives are fine for archiving – but recovery is not ideal
  • Backups to the cloud are ok, as long as you have a server and an operating system that will receive them
  • People do not have the time to look after their own backups
  • Since very few people ever do a test restore, the restoration process is foreign.  The time to learn is not while the flames are being extinguished.

I was talking to the Executive Vice President of a national retail chain and he asked me if I would pay $ 1,000.00 for the pencil he had in his hand.  When I told him that it was too expensive, he asked me if I would pay $ 1,000.00 for his Rolls Royce.  When I told him that I would, he answered “it wasn’t too expensive … it is the same $ 1000.00.  The difference is the value”.

Designing Business Continuity systems will not be done from the parking meter money you keep in your car.  There is an investment to be made.  However, according to the Institute for Business and Home Safety, an estimated 25 percent of businesses do not reopen following a major disaster.  That is an alarming statistic.

The remaining question is simply math.  What is the value of your business to you? What if you could prepare to continue on even in the face of natural disaster?

twitterredditlinkedinmailtwitterredditlinkedinmail

Something easy for all you Windows users out there

I sometimes forget that the simple things can be the most productive.  So today, I am going to make your day a little easier with two little-known keystrokes that can save you a lot of time.

The only caveat is that you must first locate the WINDOWS key on your keyboard.  It is typically on the same row as your space bar and is usually the Microsoft Logo.

Got it ?

The rest is easy.

It is time to get up from your computer and you have left something that you don’t want others to see and/or modify what you are working on.

Hit the WINDOWS key and the letter L – want to try it now ??  I’ll wait, go ahead …

Wasn’t that cool ?

One more (I use this one a lot) – need to minimize everything on your desktop ?  Sure, you could go mouse over to that little box to the right of the clock and click that, OR you could very quickly hit the WINDOWS key and the letter M.

So, if you can remember that L locks the computer and M minimizes the apps, you can fly through your day a little faster.

twitterredditlinkedinmailtwitterredditlinkedinmail