2023 February Savvy Cybersecurity Newsletter
In this issue:
- An Update on Tax Identity Theft
- Savvy Cybersecurity quick links
- Software updates
Dear Sir or Madam,
Welcome to your February Savvy Cybersecurity newsletter. Read on to learn more about:
- An update on the Experian website glitch
- A cyberattack hits the FBI
- And more
An Update on Tax Identity Theft
Tax identity theft has been a threat for many years affecting millions of taxpayers. There are various schemes used by scammers including phone calls and phishing text messages and emails. In recent years, however, we have seen a decrease in successful tax identity theft attacks due to education and some precautionary actions taken by the IRS. Still, it is important to be aware of these threats.
How does tax identity theft happen
Phone scams are one of the most common scams deployed by identity theft fraudsters. You have likely received one of these fake calls over the years appearing to be from the IRS and demanding money for tax debts. The scammers create a sense of urgency and fear that results in many giving over money or personal information. It is important to remember that the IRS will contact you via letter if there is something wrong with your tax information—not over the phone.
Phishing messages are also a widely used method of scamming taxpayers. These messages may appear to come from the IRS or even your bank or tax preparer. For instance, some consumers reported receiving phishing emails from their tax preparer last year that either asked for personal information or requested that they download an attachment. Again, remember that the IRS will not contact you via email. If you receive something from your bank or accountant, be sure to call and confirm that they really sent it.
How to protect yourself
In addition to being aware of the tax scams that exist, there are steps you can take to help lock down your tax return. A few years ago, the IRS introduced Identity Protection PINs (IP PINs) to help protect taxpayers. IP PINs are six-digit numbers that prevent someone else from filing a return in your name. You must submit your PIN to verify your return.
When IP PINs were first introduced, they were only available to proven victims of identity theft or residents of certain states. Now, anyone can apply for an IP PIN. You can request the IP PIN on the IRS website. You will need to prove your identity by answering some questions.
Once you are set up with an IP PIN, you will receive a new one each year. It will be available in your online IRS account so be sure to protect that with a strong password. You or your tax preparer will submit your IP PIN when you sign and submit your return.
An additional "security" layer by the IRS
Last year, the IRS announced a partnership with ID.me using facial recognition software to identify taxpayers' identities. This move was controversial among security experts and taxpayers as it required individuals to upload selfie data to ID.me in order to set up an online IRS account. As an alternative, the IRS allowed individuals to video chat with ID.me representatives instead of sending biometric data as a short-term fix. However, the IRS still has not come up with an alternative for taxpayers.
The federal government and the IRS have been at work to create a secure way to log into federal websites. Login.gov has still not been launched.
Cybersecurity update
Last month we reported on a glitch within Experian's website that allowed anyone to access your credit report. The issue was published by security expert, Brian Krebs. Krebs has reported this month that Experian has fixed the issue, but credit reports were accessible for 47 days.
Cybersecurity shorts
T-Mobile CEO spins recent breach saying their investment in cybersecurity protected data. Top executives at T-Mobile are insisting that the company's investments in cybersecurity are paying off, despite a string of security incidents. CEO Mike Sievert preached, "The investments we made in 2022, including our cybersecurity capabilities, showed up in a critical way a few weeks ago" referencing a criminal attack they were able to shut down within 24 hours and were able to protect sensitive data. However, many are skeptical due to a November 25 breach which exposed data on about 37 million customers. After the call, T-Mobile declined to answer any questions about ongoing investigations and specific areas of investment in cybersecurity. Read more here.
FBI office in New York City hit with cyberattack. The field office has reportedly contained the incident that affected an office computer used in child sexual exploitation investigations. The FBI is currently investigating the incident.
US and UK have sanctioned members of Russian-based cybergang, TrickBot. Earlier this month, the US and British governments announced sanctions on several people affiliated with the Russia-based TrickBot cybercrime gang. The sanctions given are just the latest in a series of very aggressive actions taken by the US government against ransomware operators and their infrastructure. Giving these sanctions marked the first time the British government issued sanctions over ransomware.
Agencies warn that North Korean ransomware is targeting hospitals. According to a jointly released alert from multiple US and South Korean agencies, North Korea is deploying ransomware in the healthcare sector to supplement cyber ops against both the US and South Korean governments. Alerts have been sent out by National Security Agency, FBI, CISA, the Republic of Korea's Defense Security Agency, and more warning that Pyongyang is using illicit cryptocurrencies obtained from the attacks to support state-backed espionage operations that target US defense networks and the defense industrial base.
Canadian book retailer facing cybersecurity incident. The book retailer, Indigo Books & Music Inc, experienced a "cybersecurity incident" that impacted its website and electronic payment system. The company still remained offline for almost a week after it first went dark. The company remains tight-lipped on the situation but assured customers that their credit/debit card information and other personal information were not compromised. Read more about the incident here.
Critical infrastructure highlights a link between sustainability and cybersecurity – here's how. While it may not be very apparent, cybersecurity and sustainability are intricately linked. Our sustainability goals like the shift to renewable energy sources, more efficient energy use, and others, are typically pursued against the backdrop of increased malicious activity from threat actors that target critical infrastructure like gas, oil, and electricity. A notable example of the intersection is the Colonial Pipeline ransomware incident that sent many panicking. This article highlights how critical infrastructure, sustainability, and cybersecurity are linked.
Software updates
Microsoft: Three zero-day exploits were patched in this month's Microsoft update. These vulnerabilities are currently being exploited by hackers and affect the Windows Common Log File System Driver. Other updates include fixes to Microsoft Word and Outlook. You can learn more about the updates here.