Monday, April 14, 2014

Internet Safety tip: CNet - How to protect yourself from the 'Heartbleed' bug


A flaw in software that's widely used to secure Web communications means that passwords and other highly sensitive data could be exposed. Some say they've already found hundreds of Yahoo passwords. For more information on the malware and which websites have created “patches” to avoid access to personal information click on the link below.

Cnet - 100 websites with "Heartbleed" malware patches

 

FTC- Business Blog  (By Nicole Vincent Fleming April 11, 2014 - 4:23pm) 
http://www.business.ftc.gov/blog/2014/04/heartbleed-may-cause-you-some-heartache?Source=govdelivery 


If you’re thinking “Heartbleed” sounds serious, you’re right. But it’s not a health condition. It’s a critical flaw in OpenSSL, a popular software program that’s used to secure websites and other services (like VPN and email). If your company relies on OpenSSL to encrypt data, take steps to fix the problem and limit the damage. Otherwise, your sensitive business documents and your customers’ personal information could be at risk.

About two-thirds of all web servers use OpenSSL, so it’s safe to say the small coding error recently discovered by researchers has big implications. The error, which has been in place for over two years, makes it possible for a hacker to grab information that’s supposed to be protected. Vulnerable web servers can be tricked into revealing random bits of data over and over, until the hacker gets something juicy, like the server’s encryption key.

Armed with the encryption key, a hacker can monitor all communication to and from a server including usernames, passwords, and credit card information or create a fake version of a trusted site that would fool browsers and users, alike. Worse yet, the hacker leaves no trace, so it’s nearly impossible to know the extent of the damage caused by Heartbleed.

Thursday, April 3, 2014

FTC: Dialing for Dollars IRS Tax Scam


There’s a new scam going around and if your family name is from South Asia, there’s a chance you already know about it. If the scam sounds familiar, that’s because it’s been around for years, targeting one group, then another. Right now, the people being targeted seem to be from India and Pakistan.

Here’s what’s happening: You get a call from someone claiming to be from the government maybe the IRS, maybe a law enforcement agency, maybe the U.S. Citizenship and Immigration Services (USCIS).  The caller often has a foreign accent, and might even speak to you in Hindi or Urdu.

The caller might have information about you the last four digits of your Social Security number, for example. The caller tells you that you owe money and that if you don’t pay, many bad things will happen, deportation for you and your family, freezing your assets, and even going to jail if you don’t pay. The caller will tell you to pay using a prepaid card, and will threaten you if you protest.

If you’ve gotten one of these calls or any call asking you to buy prepaid cards or to wire money the Federal Trade Commission wants to know about it. Please call 1-877-FTC-HELP and tell your story. It helps our investigators build cases against these scammers.  Click the link for more details.
 

 

Federal Trade Commission: Stolen Checks


If an identity thief steals your paper checks, uses the account number from the bottom of your checks, or opens a new account in your name, contact your bank or financial institution as soon as possible and ask them to close your account. 

Federal law doesn’t limit your loss if a thief forges your signature on your checks or uses your account number to buy something by phone. Most states hold banks responsible for losses from those fraudulent transactions. For their part, banks expect you to take reasonable care of your accounts. That means you might be responsible for a loss if you know there’s a problem, but you don’t report it to your bank quickly.  

 
For more details on reporting stolen checks click the link below. 

FTC - Stolen Checks

FTC: Tax Related Identity Theft


The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your S.S.N.; however, the IRS doesn't start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information.

If you get an email that claims to be from the IRS, do not reply or click on any links, forward it to phishing@irs.gov. For more details on what to do if you are a victim click on the link below.

 
FTC