Monday, July 31, 2017

34th Annual National Night Out, Tuesday August 1st, 2017


National Night Out is an annual community-building campaign that promotes police-community partnerships and neighborhood camaraderie to make our neighborhoods safer, more caring places to live. National Night Out enhances the relationship between neighbors and law enforcement while bringing back a true sense of community. Furthermore, it provides a great opportunity to bring police and neighbors together under positive circumstances.

Millions of neighbors take part in National Night Out across thousands of communities from all fifty states, U.S. territories, Canadian cities, and military bases worldwide on the first Tuesday in August (Texas celebrates on the first Tuesday in October). Neighborhoods host block parties, festivals, parades, cookouts and various other community events with safety demonstrations, seminars, youth events, visits from emergency personnel, exhibits and much, much more.

*If your community isn't hosting an event on Aug. 1st, '17, Check with your local police, sheriff department about hosting an event, crime prevention promotion and participation can be on any night of the week!

Be safe , participate as the eyes and ears for your community and report crimes.

For more information on the National Association of Towns Watch and the sponsors, click on the link below.

National Assoc. of Town Watch, NNO

Tuesday, May 9, 2017

New FTC website helps small businesses

New FTC website helps small businesses

When scammers and hackers attack small businesses, it hurts not only the businesses’ reputations and bottom line, but also the integrity of the marketplace. Today, FTC Acting Chairman Maureen Ohlhausen announced a new FTC website,, to help business owners avoid scams, protect their computers and networks, and keep their customers’ and employees’ data safe. If you own a business you’ll want to check it out.
At you’ll find:
  • Tips on how to avoid scams that target businesses
  • Advice to help you protect your customers’ and employees’ sensitive data
  • Videos that show what you can do to secure your business’s networks
You can also find the FTC’s newest article Small Business Computer Security Basics, which has tips to help companies protect their files and devices, train employees to think twice before sharing account information, and keep their wireless network protected. The article also tells you what to do if a hacker gets into your computers or networks.
So go to, bookmark it, and visit it often. And subscribe to the FTC’s Business Blog to stay connected.

FTC- Website for Small businesses


Thursday, May 4, 2017

Google Docs Scam - Emails being sent out from individuals in your contact list, "do not open the link"

5/4/17 : Alert - Google Docs Scam: See the information posted below from Google Twitter feed on how they are addressing the issue. Do not click on the links in emails from your contact list requesting to open.

RColeman, CPAM Rep.

We've taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, & our abuse team is working to prevent this from happening again. We encourage users to report phishing emails in Gmail. If you think you clicked on a fraudulent email, visit & remove apps you don't recognize.

Monday, April 17, 2017

Stop, Think, Connect -#lockdownURlogin

Friends Newsletter

April 2017

Decluttering Your Digital Life

Start fresh this spring – online and offline. In addition to the traditional tasks on your spring cleaning list like tidying the closet and washing the windows, take time to create a “digital spring cleaning” list as well.
What exactly does a “digital spring cleaning” entail?
A digital spring cleaning means taking control of your digital life and the information that you share online. Similar to regular cleaning or tidying one’s home, it might seem like a daunting task at first. In reality, just a few simple steps can make a big difference in helping protect yourself online.
The Department of Homeland Security recommends that you incorporate these cyber tips into your spring cleaning routine this year.

  • Clean your machine. Update the security software on all of your devices that connect to the Internet.  Keeping the software on your devices up to date will prevent attackers from taking advantage of known vulnerabilities. Also review the applications you have downloaded. If you no longer use a particular app, delete it. It’ll not only free up storage space on your device, but it will also remove permissions that app has to potentially gather your information. 
  • Turn on multi-factor authentication. Enable stronger authentication on your online banking and email accounts. Turning on a two-factor authentication, such as a PIN sent to your mobile device, helps verify a user has authorized access to an account. For more information about authentication, visit the Lock Down Your Login Campaign at
in this issue
Decluttering Your Digital Life
How Much Do You Know About the Basics of Cybersecurity?

BGCA Conference Recap

Cyber Quiz

Take Your Child to Work Day

Ready-to-Use Social Media Posts

featured resources
Office of Personnel Management’s (OPM) is a new resource from OPM that helps hiring managers by providing recruiting and compensation resources, recruiting tools that help automate cyber position descriptions, and information on employing students as well as veterans. The website is also a great tool for individuals looking to find a job as a cybersecurity professional. Find out more at

Thursday, April 13, 2017

Business Watch Tip, "Stop Think Connect" - Ransomeware Facts & Tips

FTC: Scam - “I have an emergency and need money”

Federal Trade Commission:   “I have an emergency and need money”

If you’ve ever gotten one of those calls, you know how alarming they can be. And that’s exactly what the scammers count on. They want you to act before you think – and acting always includes sending them money: by wiring it or by getting a prepaid card or gift card, and giving them the numbers on the card. Either way, your money’s gone.

Here’s the story of Pablo Colón from Bridgeport, Connecticut, and his family. When both his sister and his father got a call about a family “emergency,” Pablo spotted the scam. And, luckily for the good people of Bridgeport, Pablo’s family owns a radio station – so he put the story on the air and warned his community.

Talking about a scam is important – even if only one person is listening, instead of the thousands who heard Pablo’s story. So watch this video. And then pass it on. Today, tell someone about this scam, about Pablo’s story, about why we should all talk about the about the scams we see.

And, whenever you spot a scam, please tell the FTC.

FTC Video message

Wednesday, March 1, 2017

IRS, States and Tax Industry Renew Alert about Form W-2 Scam Targeting Payroll, Human Resource Departments

IR-2017-10, Jan. 25, 2017                                                                    Español

WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today renewed their warning about an email scam that uses a corporate officer’s name to request employee Forms W-2 from company payroll or human resources departments.
This week, the IRS already has received new notifications that the email scam is making its way across the nation for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or Social Security number.
The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then attempted to file fraudulent tax returns for tax refunds.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.

The following are some of the details that may be contained in the emails:
  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Working together in the Security Summit, the IRS, states and tax industry have made progress in their fight against tax-related identity theft, cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.

IRS News Releases 2017

Friday, January 27, 2017

FTC Hosts Tax Identity Theft Awareness Week Jan. 30th - Feb. 3rd, 2017


1/25/17, Webinars, Social Media Events focus on helping consumers reduce their risk.

The Federal Trade Commission will mark Tax Identity Theft Week, January 30 - February 3, with a series of events to alert consumers and businesses to ways they can minimize their risk of tax identity theft, and recover if it happens.

What is tax identity theft? It’s when a scammer files a fraudulent tax return using someone else’s Social Security number (SSN) and steals the victim’s refund. Employment-related tax identity theft occurs when someone uses another person’s SSN to earn wages that are then reported as the victim’s income.

This year’s Tax Identity Theft Awareness Week will feature special events for consumers, tax professionals, small businesses and veterans. The FTC will join with the IRS, the Department of Veterans Affairs, the AARP Fraud Watch Network and others to discuss tax identity theft, IRS imposter scams, cybersecurity and identity theft recovery. Learn more – and join the discussion – at the following events (all times listed are Eastern):

Jan. 30, 2 p.m. The FTC, IRS, and the National Association of Tax Professionals offer a webinar for tax professionals – Tax Identity Theft: Tax Professionals on the Ramparts. Topics include scams targeting tax professionals, cybersecurity, protecting client data, and how tax professionals can help identity theft victims.

Jan. 31, 3 p.m. The FTC and the Identity Theft Resource Center invite consumers to join a Twitter chat focused on tax identity theft, how to protect yourself, and what to do if you become a victim.

Feb. 1, 11 a.m. The FTC and the Department of Veterans Affairs co-host a Twitter chat about tax identity theft for service members, veterans, and their families. Learn to minimize your risk and how to recover if tax identity theft happens to you.

Feb. 1, 1 p.m. The FTC, Department of Veterans Affairs, and the Treasury Inspector General for Tax Administration discuss tax identity theft, IRS imposter scams, how to lower your risk, and what to do if you become a victim, during a webinar for veterans, their families, and those who serve them.

Feb. 1, 4 p.m. The FTC and IRS offer a free webinar for small businesses: Protecting Sensitive Business and Customer Information. Learn about tax identity theft, imposter scams targeting businesses, data breach avoidance and response, and free resources to help you protect your business, employees and customers.

Feb. 2, 2 p.m. The FTC, AARP Fraud Watch Network, AARP Foundation’s Tax-Aide program, and the Treasury Inspector General for Tax Administration co-host a webinar about how tax identity theft and IRS imposter scams occur, and recovery steps for victims.

In addition to these events, the FTC has created a wide array of materials to help educate people about this growing issue, all of which can be found at The materials are available in English and Spanish, and feature ways that people can share information about tax identity theft with their friends and families.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). 

Like the FTC on Facebook (link is external), follow us on Twitter (link is external), read our blogs and subscribe to press releases for the latest FTC news and resources.




Friday, January 13, 2017

FTC - "Pass It On" commuity outreach program / Video

"Pass it on in your community"

Pass it On is the FTC’s consumer education campaign designed to encourage older adults to talk to their friends, neighbors, and relatives about scams. Because we’ve learned that sharing what you know can help protect someone who you know from a scam.
Now, we’ve got a new video that highlights how some local organizations are getting in on the act and using Pass it On materials in their communities – all in different ways. For instance, a Massachusetts agency distributes fraud prevention materials at community centers serving older consumers. A Connecticut publisher and state consumer protection office use the Pass it On tips in a community newspaper published in several languages. And a group of older actors performs skits for their peers in Southern California, giving their audience a heads-up on the latest frauds and rip-offs.

What can you do? Well, you probably know someone who could use a few tips on spotting scams. The next time you’re at your local library, church, or temple, or even visiting a relative in a nursing home, take a stack of Pass it On materials with you. You can order them online for free, in bulk, in English and Spanish.

Do you have other ideas on sharing tips in your community? Let us know your take on passing it on.

 Click the link below to see the FTC video.

FTC - Pass it on , Video


Tuesday, January 3, 2017

FTC - Understanding Mobile Apps

If you have a smart phone or other mobile device, you probably use apps – to play games, get turn-by-turn directions, access news, books, weather, and more. Easy to download and often free, mobile apps can be so much fun and so convenient that you might download them without thinking about some key considerations: how they’re paid for, what information they may gather from your device, or who gets that information.

Mobile App Basics

What’s a mobile app?

A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet or music player.

What do I need to download and use an app?

You need a smart phone or another mobile device with internet access. Not all apps work on all mobile devices. Once you buy a device, you’re committed to using the operating system and the type of apps that go with it. The Android, Apple, Microsoft and BlackBerry mobile operating systems have app stores online where you can look for, download, and install apps. Some online retailers also offer app stores. You’ll have to use an app store that works with your device’s operating system. To set up an account, you may have to provide a credit card number, especially if you’re going to download an app that isn’t free.
Data Plans and Wi-Fi: Two ways to access the internet from your phone
You can access the internet using a data plan tied to your phone service, or through a Wi-Fi hotspot. Phone companies generally charge a monthly fee for a data plan that can connect you to the internet.
Wi-Fi connections usually are faster, but you have to be in range of a hotspot to use one. Most public Wi-Fi hotspots – like those in coffee shops, airports, and hotels – don't encrypt the information you send over the internet and are not secure. Get tips for using public Wi-Fi.
To set up a home wireless network, you'll need to pay for internet access and a wireless router, and you’ll want to take steps to secure the network.

Why are some apps free?

Some apps are distributed for free through app stores; the developers make money in a few ways:
  • Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
  • Some apps offer their basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
  • Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases.
  • Some apps are offered free to interest you in a company’s other products. These apps are a form of advertising. 

Questions About Your Privacy

What types of data can apps access?

When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access:
  • your phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how you use the app itself
Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.
If you’re providing information when you’re using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting your data, they may share it with other companies.

How can I tell what information an app will access or share?

It’s not always easy to know what data a specific app will access, or how it will be used. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.
If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them. It’s useful information that tells you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read your text messages.

Why do some apps collect location data?

Some apps use specific location data to give you maps, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.
Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself.
Your phone uses general data about its location so your phone carrier can efficiently route calls. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop it from broadcasting your location data.

Questions About Advertising

Why does the app I downloaded have ads in it? 

Developers want to provide their apps as inexpensively as possible so lots of people will use them. If they sell advertising space in the app, they can offer the app for a lower cost than if it didn’t have ads. Some developers sell space in their apps to ad networks that, in turn, sell the space to advertisers.

Why do I see the ads I do?

Advertisers believe you’re more likely to click on an ad targeted to your specific interests. So ad networks gather the information apps collect, including your location data, and may combine it with the kind of information you provide when you register for a service or buy something online. The combined information allows the mobile ad network to send you targeted ads – ads that may be relevant to someone with your preferences and in your location.

Malware and Security Concerns

Should I update my apps?

Your phone may indicate when updates are available for your apps. It’s a good idea to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.

Could an app infect my phone with malware?

Some hackers have created apps that can infect phones and mobile devices with malware. If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware.
If you think you have malware on your device, you have a few options: you can contact customer support for the company that made your device; you can contact your mobile phone carrier for help; or you can install a security app to scan and remove apps if it detects malware. Security apps for phones are relatively new; there are only a few on the market, including some with free versions.

Mobile App User Reviews

Can I trust all the user reviews I read about an app?

Most app stores include user reviews that can help you decide whether to download. But some app developers and their marketers have posed as consumers to post positive comments about their own products. In fact, the Federal Trade Commission recently sued a company for posting fake comments about the apps it was paid to promote.
Keeping Up With Kids' Apps Infographic
Keeping Up With Kids'
Apps Infographic

Kids and Mobile Apps

What should I know before I download an app for my kids?

In a recent survey of mobile apps for kids, FTC staff found that kids’ apps might:
  • collect and share personal information
  • let your kids spend real money — even if the app is free
  • include ads
  • link to social media
What’s more, the apps might not tell you they’re doing it.
To learn more about an app before you download it, look at screen shots, read the description, content rating and any user reviews, and do some research on the developer. You also can look up outside reviews from sources you respect.

Are there ways to restrict how my kids use apps?

Before you pass the phone or tablet to your kids,  take a look at your settings. You may be able to restrict content to what’s right for your kid’s age, set a password so apps can’t be downloaded without it, and set a password so your kids can’t buy stuff without it. You also can turn off Wi-Fi and data services or put your phone on airplane mode so it can’t connect to the internet.
The best way to keep up with kids’ apps is try them out yourself and talk to your kids about your rules for using apps.

2017, Scam Alert: Yahool Customer Service Scam

Yahoo customer service scam

January 3, 2017, by  Andrew Johnson   Consumer Education Specialist, FTC
Need to contact Yahoo customer care? There are a few ways to do so — but, Yahoo warns that phone is not an option. That’s right: any phone number you come across in an internet search, claiming to connect you with Yahoo customer care, is fake.

Here at the FTC, we’ve gotten reports that consumers who called these fake customer care numbers were offered “Yahoo customer care services” for a fee.
But the truth is, Yahoo customer support is always free of charge. That means you should never pay to have your Yahoo password reset, for technical support, or help with security concerns. Also,

Yahoo won’t ask to remotely connect to your computer for any support-related request.

Click the link to see the video:

FTC - Yahool customer service scam video


FTC Report: Government Imposter Scams

Scammers sometimes pretend to be government officials to get you to send them money. They might promise lottery winnings if you pay “taxes” or other fees, or they might threaten you with arrest or a lawsuit if you don’t pay a supposed debt. Regardless of their tactics, their goal is the same: to get you to send them money.
Don’t do it. Federal government agencies and federal employees don’t ask people to send money for prizes or unpaid loans. Nor are they permitted to ask you to wire money or add money to a prepaid debit card to pay for anything.

How to Recognize a Government Imposter

Scammers pretend to be IRS officials to get you to send them money.
IRS Imposter Scams
It could be hard to recognize an imposter through the lies they tell. They use a variety of tricks to get your attention, whether it’s distracting you with a story about money you won or creating a fear that you’ll be sued or arrested.
Here are two deceptions that they have used successfully to steal money from people:

You’ve "Won" a Lottery or Sweepstakes

Someone claiming to be a government official calls, telling you that you’ve won a federally supervised lottery or sweepstakes. They may say they’re from “the national consumer protection agency,” the non-existent National Sweepstakes Bureau, or even the very real Federal Trade Commission — and it looks like they’re calling from a legitimate number. They also might send e-mails, text messages or letters.
They might:
  • tell you you’ll have to pay taxes or service charges before you can collect your winnings
  • ask you to send money to an agent of “Lloyd’s of London” or some other well-known insurance company to “insure” delivery of your prize
  • ask you to wire money right away, often to a foreign country
The truth is that no government agency or insurance company is involved, and there are no winnings. There never were. Scammers take the money you paid them and disappear.

You Owe a Fake Debt

You might get a call or an official-looking letter that has your correct name, address and Social Security number. Often, fake debt collectors say they’re with a law firm or a government agency — for example, the FTC, the IRS or a sheriff’s office. Then, they threaten to arrest you or take you to court if you don’t pay on a debt you supposedly owe.
The truth: there’s no legitimate reason for someone to ask you to wire money or load a rechargeable money card as a way to pay back a debt. If you’re unsure whether the threat is legitimate, look up the official number for the government agency, office or employee (yes, even judges) and call to get the real story. Even if it is a real debt, you have rights under the Fair Debt Collection Practices Act.
Variations on these scams include people claiming to be with the IRS collecting back taxes, or scammers posing as representatives of the United States Citizenship and Immigration Service (USCIS) who target immigration applicants and petitioners.

Five Ways to Beat a Government Imposter Scam

  1. Don’t wire money

Scammers often pressure people into wiring money, or strongly suggest that people put money on a prepaid debit card and send it to them. Why? It’s like sending cash: once it’s gone, you can’t trace it or get it back. Never deposit a “winnings” check and wire money back, either. The check is a fake, no matter how good it looks, and you will owe the bank any money you withdraw. And don’t share your account information, or send a check or money order using an overnight delivery or courier service. Con artists recommend these services so they can get your money before you realize you’ve been cheated.
  1. Don’t pay for a prize

If you enter and win a legitimate sweepstakes, you don’t have to pay insurance, taxes, or shipping charges to collect your prize. If you have to pay, it’s not a prize. And companies, including Lloyd’s of London, don’t insure delivery of sweepstakes winnings.
If you didn’t enter a sweepstakes or lottery, then you can’t have won. Remember that it’s illegal to play a foreign lottery through the mail or over the phone.
  1. Don’t give the caller your financial or other personal information

Never give out or confirm financial or other sensitive information, including your bank account, credit card, or Social Security number, unless you know who you're dealing with. Scam artists, like fake debt collectors, can use your information to commit identity theft — charging your existing credit cards, opening new credit card, checking, or savings accounts, writing fraudulent checks, or taking out loans in your name. If you get a call about a debt that may be legitimate — but you think the collector may not be — contact the company you owe money to about the calls.
  1. Don’t trust a name or number

Con artists use official-sounding names to make you trust them. It’s illegal for any promoter to lie about an affiliation with — or an endorsement by — a government agency or any other well-known organization. No matter how convincing their story — or their stationery — they're lying. No legitimate government official will ask you to send money to collect a prize, and they won’t call to collect your debt.
To make their call seem legitimate, scammers also use internet technology to disguise their area code. So even though it may look like they’re calling from Washington, DC, they could be calling from anywhere in the world.
  1. Put your number on the National Do Not Call Registry

Ok, so this won’t stop scammers from calling. But it should make you skeptical of calls you get from out of the blue. Most legitimate sales people generally honor the Do Not Call list. Scammers ignore it. Putting your number on the list helps to “screen” your calls for legitimacy and reduce the number of legitimate telemarketing calls you get. Register your phone number at

Report the Scam

If you get a call from a government imposter, file a complaint at Be sure to include:
  • date and time of the call
  • name of the government agency the imposter used
  • what they tell you, including the amount of money and the payment method they ask for
  • phone number of the caller; although scammers may use technology to create a fake number or spoof a real one, law enforcement agents may be able to track that number to identify the caller
  • any other details from the call
Curious about other imposter scams? Check out some of our previous scam alerts. And if you haven’t already, sign up to get new scam alerts by email.

FTC - Bar none: Imposter scams hit lawyers and other licensed professionals

By: Lesley Fair | Dec 28, 2016, Lesley Fair
Dec 28, 2016
Bureau of Consumer Protection

You oversleep, spill the coffee, and get caught in a rush hour traffic jam. Then you check your messages and the day really heads south because according to the State Bar (or Board of Accountancy, Medical Society, or other group), you’re in trouble with your professional association.  Or are you?

The FTC has been warning consumers for years about government imposter scams: phone calls or email falsely claiming to be from the IRS, the local sheriff’s office, immigration authorities, or even the FTC. Sometimes the voice on the other end threatens people with arrest if they don’t wire money immediately. Or they may want personal information – credit card numbers, banking data, or the like. The modus operandi is ever-evolving, but this much is true: The messages are false.

Now the bottom feeders have turned their attention to attorneys, accountants, doctors, and others who hold state licenses or certifications. With the click of a mouse, they mock up an official-looking – but not official, of course – email telling recipients that their licenses will be suspended unless they send past-due “fees” immediately. Some insist that you wire the money by the close of business, while others demand your credit card number.

In a variation on the scheme, fraudsters claim that someone has filed a professional complaint against you. To get the details, you’re directed to click on a link, which then installs malware on your computer.

Of course, State Bars and Boards regularly communicate with members via email – and yes, we all have to pay our annual dues. But if the circumstance is so serious that a person’s professional license is on the line, the first they’ll hear about it won’t be in email like that.

What should you do if you get a message claiming your dues are overdue, a complaint has been filed against you, the sender needs your trust account number, or your license is at risk? Call the Bar or Board directly. Just don’t use a phone number in the iffy email. Use one you know to be genuine – for example, the number on your membership card. And if it turns out to be a scam, report it to the FTC and warn others in your field that con artists may have them in their sights.

Thursday, November 17, 2016

Nov. 17, 1'6 --- IRS warns of a new tax bill scam

IRS warns of a new tax bill scam

We certainly understand if the latest IRS imposter scam makes you queasy: it involves a fake IRS tax notice that claims you owe money as a result of the Affordable Care Act.
The IRS says the fake notices are designed to look like real IRS CP2000 notices, which the agency sends if information it receives about your income doesn’t match the information reported on your tax return. The IRS says many people have gotten the bogus notices, which usually claim you owe money for the previous tax year under the Affordable Care Act.
It’s one of many IRS imposter scams that have popped up. As tax season nears, we’ll see more. The good news? There are red-flag warnings that can help you avoid becoming a victim. For example, the IRS will never:
  • Initiate contact with you by email or through social media.
  • Ask you to pay using a gift card, pre-paid debit card, or wire transfer.
  • Request personal or financial information by email, texts, or social media.
  • Threaten to immediately have you arrested or deported for not paying.
In the new scam, the fake CP2000 notices often arrive as an attachment to an email — a red-flag — or by U.S. mail. Other telltale signs of this fraud:
  • There may be a “payment” link within the email. Scam emails can link you to sites that steal your personal information, take your money, or infect your computer with malware. Don’t click on the link.
  • The notices request that a check be made out to “I.R.S.” Real CP2000s ask taxpayers to make their checks out to “United States Treasury” if they agree they owe taxes.
In the version we saw, a payment voucher refers to letter number LTR0105C, and requests that checks be sent to the “Austin Processing Center” in Texas. But scammers are crafty. They could send messages with a variety of return addresses.

You can see an image of a real CP2000 notice on the IRS web page, Understanding Your CP2000 Notice. If you get a scam IRS notice, forward it to and then delete it from your email account.

Let the FTC know too.

MI Dept of Education and Civil Rights - Addressing the issue of "Hate Speech" and resources

November 15, 2016

A Letter from State Superintendent Brian Whiston

and Michigan Department of Civil Rights Director Agustin Arbulu
Now is a time when all of us need to stand together. Every administrator, teacher, staff member, parent, guardian, bus driver and student must stand as one in condemning intolerable conduct regardless of message or motivation.

We are concerned that students and parents may be hearing mixed messages. Each of us must clearly and consistently convey the message that bullying, harassment, violence, property destruction or any other form of intimidation have no place in our schools. It does not matter who is engaging in the intimidation, which student is being targeted, or what the reason is for the intimidation. There are no legitimate reasons and there are no acceptable excuses. The behavior is wrong, and the behavior will not be tolerated.

Each of us has a responsibility to ensure that every teacher, every staff member and every parent/guardian does what they can to make certain that every student hears this message, and understands that the message is shared by everyone. Waiting for an incident to occur or for a complaint to be filed is not acceptable. Appropriate strategies include:

 Review, revise, and if necessary, redistribute your harassment/bullying policies. Outside events may have increased the number of incidents, but the behavior is not new. It should in no way be minimized or taken less seriously based on outside events.

 Monitor attendance.

 Encourage dialogue and open communication.

 Ensure staff knows the signs of anxiety and trauma, observes students for the signs, and knows what to do if signs are detected.

 Ensure staff and student access to trained counselors and support services either in one-on-one settings or in groups.

 Monitor extracurricular events, be aware of social media, and identify concerns raised by students involving outside parties, threats, harassment or intimidation.

 Continue to promote positive learning environments through programs such as PBIS (Positive Behavior Intervention and Supports), and comprehensive bullying programs.

 Promote restorative justice practices and utilize alternatives to Suspensions and Expulsions.

Page 2 November 15, 2016
 Remember that there is no quick fix, no one speaker, or one shot program to address complex issues. Success requires consistent messaging regarding expectations, sound policies, and having evidence-based programs in place that meet the need and are consistently implemented.

We do not intend this letter to suggest that diversity awareness, dispute resolution, cultural competency and other such programs are not important. We encourage you to foster inclusion through the expansion of such programs. However, these programs cannot be effective unless they are presented in a place where students feel safe and welcome. We have included some links below that you may consider incorporating into your future work. Current events, however, demand that we first ensure that students know that an attack on any student is an attack on all of us, and will be met with a swift and decisive response.

We can work through any other issues in time, but we must immediately make our schools a safe place -- where every student is made to feel welcome.

 For support in PBIS, the Promoting Positive School Climate (PPSC) project information is at - or

OK2Say reporting – text 652729 (OK2SAY) or through the website at

 For local support and resources, Every Michigan School District is served by a regional school health coordinator -

o These regional school health coordinators support training and implementation of the comprehensive K-12 health curriculum Michigan Model for Health -

 Regular surveying students to understand the environment through school climate surveys and student health behavior surveys such as the MiPHY (

 Alternatives to Suspensions and Expulsions Toolkit and,4615,7-140-74638_72831---,00.html and online restorative justice practice modules,4615,7-140-74638_72831-358881--,00.html

 Michigan State Board of Education Resolution on Use of American Indian Mascots, Nicknames, and Logos:

*Click the link for the PR and more details.

MI Dept. of Education PR, 11/15/16

Wednesday, October 12, 2016

The Guaridian News Paper: 10/6/16, "Huge phone scam targeting Americans leads to 700 being detained in India"

* This scam has impacted communities throughout Michigan. Exciting to see that at least this group has been caught. Hang up on these types of calls, it's okay to be rude.   CPAM 

Mumbai was the hub of a phone scam that fleeced Americans of millions, according to Indian police.
 Mumbai was the hub of a phone scam that fleeced Americans of millions, according to Indian police. Photograph: Bloomberg/Getty Images

 in Mumbai and agencies

Police say Mumbai call centre workers posed as Internal Revenue Service tax collectors to rake in tens of millions of dollars.Thousands of US citizens may have been targeted in a huge tax scam run from call centres in Mumbai, where hundreds of workers were allegedly trained to speak in American accents in order to steal tens of millions of dollars, Indian police have said.

About 700 people are being investigated over what is believed to have been one of the biggest such scams in India’s history, which involved workers posing as US tax officials, according to Paramvir Singh, the police commissioner of Thane.
“Seventy workers have been formally arrested and around 630 others are being investigated,” Singh said. “We expect that many more people will be arrested.”
On Tuesday night about 200 officers raided nine premises in India’s financial capital. Police believe the alleged scam was run from the call centres, where workers pretended to be officials from the Internal Revenue Service (IRS), the US tax authority.
Employees would allegedly tell American citizens that they had defaulted on tax payments and were facing prosecution by the IRS. “They would give an American name and a batch number and tell the [US] citizen that they owed the authorities $4,000, $5,000 or $10,000,” said Singh.
“They were instructed to stay on the phone and told that their homes would be raided by police within 30 minutes if they hung up. They made threats, they said: ‘You have to pay, otherwise you will lose your job, your money, your house.’”
After allegedly duping the victims into revealing their bank details they would then withdraw money from their accounts, police said. The victims were told to stay on the call and go to their nearest Target or Walmart store, where they would buy a prepaid cash card, load thousands of dollars on to it and then transfer the money to an American bank account.
Police have not revealed the amount of money that was stolen, or whether citizens from other countries had been targeted. But Singh said the call centres were running for more than a year and are estimated to have conned billions of rupees out of thousands of people.
“We’ve been getting calls all morning from American citizens, people saying: ‘I think I got one of these calls. I think my money was stolen,’” he said.
The alleged scam was discovered followed a tip-off to police, said Singh, who sent in an undercover call centre worker to investigate. “We had a mole go in to the call centres to verify. The best part is that they were actually recording all their calls. We have recovered 851 hard disks on which the calls were recorded, so we’re going through those now,” said Singh.Police suspect the ringleaders had associates in America, where the payments were processed.
US authorities had not approached Thane police on Thursday, but were expected to do so soon.
Many foreign firms outsource work to offshore call centres in India, where low-wage workers handle a variety of services, from reading out train timetables to selling mobile phone plans. In recent years, firms have started moving call centres to other countries such as the Philippines because of a preference for American-style English.

Tuesday, October 4, 2016

Crime Prevention Association of MI 2016 Conference "Preparing for the Unimaginable through Crime Prevention"

CPAM members and guests opened the 2016 conference tonight at the Park Place Hotel in Traverse City Michigan. There were 120 in attendance welcomed by the Traverse City Honor Guard and Jeffrey O'Brien, Police Chief Traverse City MI.  Dr. Patrick Mead , keynote speaker provided an uplifting message focusing on  "Touchstones". All in attendance were encouraged to find a touchstone to rely on and to be encouraged to cherish every moment with your loved ones and friends.

CPAM also recognized outstand service in the field of Crime Prevention:

Outstanding Crime Prevention Practitioner of the Year - MSP Trooper Maurice Burton

Outstanding Volunteer of the Year - Matt Barbarino Kent County Traffic Squad

Outstanding Michigan Media - Dani Mann-Civic Center TV Royal Oak MI

Outstanding Corporate Award - Nate Koetje Feyen Zylstra

Outstanding Unit Award- Ottawa County Sheriff's Office Community Policing Unit

Outstanding Youth Award - Pamela Vredevoogd, Walker PD. (Western MI Explorer)

Outstanding School Officer Award- Officer Rory Allen, Wyoming Dept. of Public Safety

Outstanding Contributions to the Crime Prevention Association of MI - Mr. Aaron Sawyer, Past Sec.

President's Distinguished Service Award: Brann's Family

Sunday, October 2, 2016

FTC: 3 Videos to help you be #Cyber Aware

FTC:  Information for consumers-

3 videos to help you be #Cyber Aware

October is almost here — which means, so is National Cyber Security Awareness Month (NCSAM). What does that mean for you? It’s a great time to make sure you’re #CyberAware. Are you doing everything you can to protect your personal information and devices? Check out the questions below — and corresponding short videos — to see what you’re doing right, and where your cyber habits might need some work.

1.) What can I do to avoid downloading malware (like spyware and viruses) to my devices?

2.) How can I safely connect to Wi-Fi when I’m on the go?

3.) What should I do if someone from “tech support” calls out of the blue, and asks for my personal information or money to fix my computer?

FTC - 3 videos to help you be #Cyber Aware


Tuesday, September 20, 2016

FBI Alert, 9/15/16 - Ransomware Victims Urged to Report Infections to Federal Law Enforcement

9/20/16 - CPAM Alert received from the FBI for consumers and businesses. R. Coleman, CPAM

Ransomware Victims Urged to Report Infections to Federal Law Enforcement
The FBI urges victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

What Is Ransomware?

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.

Why We Need Your Help

New ransomware variants are emerging regularly. Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.
Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

Threats to Users

All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. Actors engaging in this targeting strategy are also charging ransoms based on the number of host (or servers) infected. Additionally, recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.
This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files.

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at, with the following ransomware infection details (as applicable):
  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The Ransom

The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.


The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.
  • Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
Additional considerations for businesses include the following:
  • Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
  • Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
  • Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
  • Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
  • Use virtualized environments to execute operating system environments or specific programs.
  • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
  • Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
  • Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
Follow the ic3 link to file a report.