Information Technology Security Alert


Options: Use Forum View

Use Monospaced Font
Show HTML Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_005D_01D3BF72.CF998C80"
Mon, 19 Mar 2018 16:10:00 +0000
Cheryl O'Dell <[log in to unmask]>
Cheryl O'Dell <[log in to unmask]>
Information Technology Security Alert <[log in to unmask]>
To: Aaron McCluskey <[log in to unmask]>, Alex Batalkin <[log in to unmask]>, Alex Wacha <[log in to unmask]>, Andrew Agena <[log in to unmask]>, Andrew Amen <[log in to unmask]>, Angela Patton <[log in to unmask]>, Annie Mulligan <[log in to unmask]>, Brad Weakly <[log in to unmask]>, Brian Farleigh <[log in to unmask]>, Bryan Kinnan <[log in to unmask]>, Cathy Fox <[log in to unmask]>, Christie Strain <[log in to unmask]>, Dan Floyd III <[log in to unmask]>, David Hartline <[log in to unmask]>, David Merriman <[log in to unmask]>, David Nielsen <[log in to unmask]>, David Svatora <[log in to unmask]>, Diane Schroeder <[log in to unmask]>, Drashti Bhatt <[log in to unmask]>, Dwight Leggott <[log in to unmask]>, Edwin Mukusha <[log in to unmask]>, Eli Morton <[log in to unmask]>, Eric Haffey <[log in to unmask]>, Frank Dolezal <[log in to unmask]>, Gary Kimminau <[log in to unmask]>, Gary Meyer <[log in to unmask]>, Greg Gray <[log in to unmask]>, Greg Tunink <[log in to unmask]>, Gregory Paff <[log in to unmask]>, Harrison Boateng <[log in to unmask]>, Helen Fankhauser <[log in to unmask]>, James Johnson <[log in to unmask]>, James Nau <[log in to unmask]>, James Sewing <[log in to unmask]>, Jeffrey Jackson <[log in to unmask]>, Jeffrey Sherrill <[log in to unmask]>, John Amgwert <[log in to unmask]>, John Ferrin <[log in to unmask]>, Joseph Morris <[log in to unmask]>, Jun Wang <[log in to unmask]>, Justin Baugher <[log in to unmask]>, Kaleb Kreft <[log in to unmask]>, Kathy Notter <[log in to unmask]>, Kay Kasl <[log in to unmask]>, Kurtis Slater <[log in to unmask]>, Kyle Holz <[log in to unmask]>, lifesciences_support <[log in to unmask]>, Linda White <[log in to unmask]>, Loren Blinde <[log in to unmask]>, Mary Fuller <[log in to unmask]>, Mary Sutton <[log in to unmask]>, Matthew Kutscher <[log in to unmask]>, Melody Scholl-Miller <[log in to unmask]>, Melvin Primus <[log in to unmask]>, Michaela Grube <[log in to unmask]>, Nathan Wiest <[log in to unmask]>, Noel Judd <[log in to unmask]>, Patrick Snyder <[log in to unmask]>, Rene Mayo Rejai <[log in to unmask]>, Roger Korth <[log in to unmask]>, Rory Reynoldson <[log in to unmask]>, Roxane Ellis <[log in to unmask]>, Seamus Cotter <[log in to unmask]>, Seth Korber <[log in to unmask]>, Stephen Panarelli <[log in to unmask]>, Stephen Panarelli <[log in to unmask]>, Timothy Ferguson <[log in to unmask]>, Todd Lanham <[log in to unmask]>, Tom Brison <[log in to unmask]>, Tracy Leifert Tonniges <[log in to unmask]>, Travis Heller <[log in to unmask]>, Vicki Wenant <[log in to unmask]>, Warren Werner <[log in to unmask]>, William Barrera <[log in to unmask]> cc: ITS-Security <[log in to unmask]>
text/plain (7 kB) , text/html (32 kB) , image001.png (7 kB) , image007.emz (29 kB) , image009.jpg (29 kB) , image010.png (4 kB) , image002.wmz (35 kB) , image003.png (10 kB) , smime.p7s (5 kB)

March 2018

Volume 13, Issue 3 


Staying Safe from Tax Scams














From the offices of Cybersecurity and Identity____________________       

Though Benjamin Franklin is often quoted as saying "in this world, nothing
can be said to be certain, except death and taxes," an updated version for
the current day would need to include tax scams. As people nationwide seek
to file their tax returns, cybercriminals attempt to take advantage of this
with a variety of scams. Hundreds of thousands of U.S. citizens are targeted
by tax scams each year, often only learning of the crime after having their
legitimate returns rejected by the Internal Revenue Service (IRS) because
scammers have already fraudulently filed taxes in their name. The IRS
reported a 400% rise in phishing scams from the 2015 to the 2016 tax season.
In the state, local, tribal, and territorial government sector during 2017,
approximately 30% of all reported data breach incidents were related to the
theft of W-2 information, which was likely used for tax fraud.


How is Tax Fraud Perpetrated?

Unfortunately, much of your personal information can be gathered from
multiple locations online with almost no verification that the right person
is receiving the information. Criminals know this, so they use this trick to
get your personal information from a variety of websites and use the
information to file a fake tax refund request! If a criminal files a tax
return in your name before you do, they will file it with false information
to get a large refund, forcing you to go through the arduous process of
proving that you did not file the return and subsequently correcting the
return. Once they have your personal information, criminals can continue to
commit identity theft well beyond the tax season. 


Another favorite technique used by criminals during the tax season is
sending phishing messages indicating that a new copy of your tax form(s) is
available. These emails often impersonate state, local, tribal, and
territorial government comptroller and/or IT departments. They might include
a link to a phishing website that uses your organization's logo and the
email might even have the right signature line. If you fill out or attempt
to login into the phishing website, the criminals will be able to see your
login name and password, which they can then use to try and compromise your
other accounts. The more information they gather from you, the easier it is
for them to use the information to file a fake tax return in your name. 


Tax fraudsters also impersonate the IRS and other tax officials to threaten
taxpayers with penalties if they do not make an immediate payment. This
contact may occur through websites, emails, or threatening calls and text
messages that look official but are not. Sometimes, criminals request their
victims pay the "penalties" via strange methods like gift cards or prepaid
credit cards. It is important to remember:

.         The IRS will not initiate contact about payment with taxpayers by
phone, email, text messages, or social media without sending an official
letter in the mail first.

.         The IRS will not call to demand immediate payment over the phone
using a specific payment method such as a debit/credit card, a prepaid card,
a gift card, or a wire transfer.

.         The IRS will not threaten to immediately notify local police or
other law-enforcement agencies to have you arrested for not paying.

.         The IRS will not demand that you pay taxes without giving you the
opportunity to question or appeal the amount you owe.


What Can You Do?

Here are some basic tips to help you minimize the chances of becoming a
victim of a tax scam:

.         If you haven't already, file your taxes as soon as you can.before
the scammers do it! 

.         Be aware of phone calls, emails, and websites that try to get your
information, or pressure you to make a payment. If something seems
suspicious, contact the organization through a known method, like their
publicly posted customer service line.

.         Ignore emails and texts asking for personal or tax information. Be
cautious as to whom you provide your information, including your Social
Security Number and date of birth.

.         Don't click on unknown links or links from unsolicited messages.
Type the verified, real organizational website into your web browser.

.         Don't open attachments from unsolicited messages, as they may
contain malware.

.         Only conduct financial business over trusted websites. Don't use
public, guest, free, or insecure Wi-Fi networks.

.         Remember, the "HTTPS" does not mean a site is legitimate.  

.         Shred all unneeded or old documents containing confidential and
financial information.  

.         Check your credit report regularly for unauthorized activity.
Consider putting a security freeze on your credit file with the major credit
bureaus if you suspect you have been targeted for identity theft. 


If you receive a tax-related phishing or suspicious email at work, report it
according to your cybersecurity policy. The IRS encourages taxpayers to send
suspicious emails related to tax fraud to its  <mailto:[log in to unmask]>
[log in to unmask] email account or to call the IRS at 800-908-4490. More
information about tax scams is available on the
<> IRS website and in the
or-2017> IRS Dirty Dozen list of tax scams.


If you suspect you have become a victim of tax fraud or identity theft, the
Federal Trade Commission (FTC)  <> Identity
Theft website will provide a step-by-step recovery plan. It also allows you
to report if someone has filed a tax return fraudulently in your name, if
your information was exposed in a major data breach, and many other types of








The information provided in the MS-ISAC Monthly Security Tips Newsletter is
intended to increase the security awareness of an organization's end users
and to help them behave in a more secure manner within their work
environment. While some of the tips may relate to maintaining a home
computer, the increased awareness is intended to help improve the
organization's overall cyber security posture. This is especially critical
if employees access their work network from their home computer.
Organizations have permission and are encouraged to brand and redistribute
this newsletter in whole for educational, non-commercial purposes.

Disclaimer: These links are provided because they have information that may
be useful. The Center for Internet Security (CIS) does not warrant the
accuracy of any information contained in the links and neither endorses nor
intends to promote the advertising of the resources listed herein. The
opinions and statements contained in such resources are those of the
author(s) and do not necessarily represent the opinions of CIS.




Cheryl O'Dell, CISSP, GCFE

Security Awareness & Incident Response Manager

Cybersecurity & Identity|ITS|

501 127H, 68588-0203

University of Nebraska |


402-472-7851 (o)