Google helps webmasters with hacked site advice


Google has released a site to help webmasters identify and fix hacked websites.

The website provides information, videos, and steps to recover from a hack and to help make sure it does not happen again.

Google.Com: Webmasters help for hacked sites

Other Information:

Posted in Website Security | Comments closed

Protect Yourself from Email Tax Scams

The MS-ISAC has provided the following March 2013 newsletter to help users avoid falling for tax scams:

It’s tax season and criminals are seizing the opportunity for scams. Don’t become the next victim.

Scammers leverage every means at their disposal to separate you from your money, your identity, or anything else of value they can get. They may offer seemingly legitimate “tax services” designed to steal your identity and your tax refund, sometimes with the lure of bigger write-offs or refunds. Scams may include mocked up websites and tax forms that look like they belong to the IRS to trick you into providing your personal information.

Scam artists can prey on users by promising refunds that are fraudulent, a scam the IRS says has been rampant in previous years. In these scams, notices are posted on bulletin boards, in libraries, and at other community sites where people visit either in person or online. Scammers make money from this trick in two ways: first, they collect a fee for helping to “file” for a refund on behalf of their victims, and then they steal the victim’s identity for further exploitation. The victims are left paying a fee for a fraudulent service, not getting a refund they thought they would, and are potentially in a position to face charges for failing to file a return or for committing fraudulent reporting.

How to Recognize an Email Tax Scam

According to the IRS, below are the key ways to recognize an email tax scam. The email:

• requests personal and/or financial information, such as name, SSN, bank or credit card account numbers or security-related information, such as mother’s maiden name, either in the email itself or on another site to which a link in the email directs you;

• includes exciting offers to get you to respond, such as mentioning a tax refund or offering to pay you to participate in an IRS survey;

• threatens a consequence for not responding to the email, such as additional taxes or blocking access to your funds;

• has incorrect spelling for the Internal Revenue Service or other federal agencies;

• uses incorrect grammar or odd phrasing;

• discusses “changes to tax laws” that include a downloadable document (usually in PDF format) that purports to explain the new tax laws (these downloads are populated with malware that, once downloaded, may infect your computer).

How To Avoid Becoming A Victim

To stay safer this tax season, follow these five steps:

1. Secure your computer. If your computer does not have proper security controls, it is vulnerable to access by criminals, who may be able to steal information stored on it. Make sure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and are receiving automatic updates from the vendor. If you haven’t already done so, install and enable a firewall.

2. Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Know the site. Know the company. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.

3. Don’t fall prey to email, web, or social networking scams. Common scams tout tax rebates, offer great deals on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam. If the email claims to be from the IRS, it’s a scam – the IRS will not contact you via email, text messaging or your social network, nor does it advertise on websites. If the email appears to be from your employer, bank, broker, etc. claiming there is an issue with what they reported for you and you need to verify some information, it might be a scam. Do not respond to the email. Contact the entity directly before responding.

4. Never send sensitive information in an email. It may be intercepted and read by criminals.

5. Use strong passwords. Cyber criminals have developed programs that automate the ability to guess your passwords. To protect yourself, passwords must be difficult for others to guess, but at the same time, easy for you to remember. Passwords should have a minimum of nine characters and include upper case (capital letters), lowercase letters, numbers, and symbols. Make sure your work passwords are different from your personal passwords.

For More Information:

For additional information about tax related scams and identity theft, please visit:

• Taxpayer Guide to Identity Theft: www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft

• Tax Scams/Consumer Alerts: www.irs.gov/uac/Tax-Scams-Consumer-Alerts

• IRS Releases the Dirty Dozen Tax Scams for 2012: www.irs.gov/uac/IRS-Releases-the-Dirty-Dozen-Tax-Scams-for-2012

• What’s Hot – IRS: www.irs.gov/uac/What’s-Hot

• Report Phishing: www.irs.gov/uac/Report-Phishing

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
The content of this post is provided by MS-ISAC.

Posted in Safe Computing | Comments closed

Apple Disables Old Versions of Adobe Flash in Safari


Apple has disabled old versions of Adobe Flash Player in the Safari web browser because they do not contain the latest security updates.

When you click on the disabled player window you will receive the above message indicating that you need to update Flash.

To update Flash (from Apple):

  1. Click “Download Flash…” (from the above notification) to have Safari open the Adobe Flash Player installer website.
  2. Download the latest Adobe Flash Player installer–click the “Download now” button.
  3. Open the downloaded disk image.
  4. Open the installer and follow the onscreen instructions.

IMPORTANT

When you download and install the update make sure you UNCHECK the following box:


This box is for McAfee Security Scan Plus, which may be considered bloatware and may interfere with your existing antivirus software and slow down your computer.

For an alternative list of Free Anti-Virus software: Get Anti-Virus Software

More Information

Apple bans outdated Adobe Flash plugins in Safari

Flash Player Update Fixes Zero-Day Flaws

Posted in Apple, Malware, Anti-Virus, Phishing, Scams | Comments closed

US ISPs roll out six-strike program to curb illegal file sharing

Starting this week, Internet Service Providers (ISPs) will start implementing an industry-wide program in an attempt to curb illegal file sharing. Copyright maximalists MPAA and RIAA have created the Center for Copyright Information (CCI) with the support of five major ISPs to educate residential users on copyright violations and penalize repeat offenders.

The program will work on a six-strike system focusing only on monitoring P2P networks. None of the ISPs have officially outlined the penalties for each strike, though they will follow general guidelines. The first several strikes will generally result in warning and education letters explaining why sharing copyrighted material is not advisable. Additional strikes may result in temporary suspension of popular websites, the reduction of connection speeds to near unusable levels, and temporary suspension of service. None of the ISPs stated they plan to permanently cut off a user’s internet connection, although the agreement leaves that option available. In addition, the ISPs will provide the offender’s IP address to the MPAA and RIAA; MPAA and RIAA stated that they do not plan to bring lawsuits against offending users at this time.

Hopefully, this program will achieve the goal of educating users and reducing illegal file sharing. Unfortunately, history shows that in a technological arms race against piracy, new controls are quickly circumvented to the harm of the average user.

The problem with programs like “six-strike” is that the users are assumed guilty and penalized until proven innocent through an appeals process that takes time and money. For example, an innocent user whose otherwise legal open wireless access point has been hacked or mis-identified could be caught up in these monitoring nets. To appeal the rulings, the user who registered the internet connection must pay a $35 fee and prove they did not commit the violation.

Collateral damage from this program could include the closing of open wireless access points from businesses such as Starbucks and Internet hotspots and could harm social programs such as the Open Wireless Movement. CCI states that “six-strikes” is not intended to target wireless hotspots offered by businesses, but it is yet to be seen if these hotspots will be affected.

The plan is similar to what some call the “economically wasteful” French three-strike law Hadopi. Since 2009, the French government has spent over $14 million per year to enforce the law, brought 14 people to court, and only managed to get one conviction for a total fine of roughly $200. Not only has the law been ineffective, but also reports state that many people have stopped using P2P for file sharing and have moved to other technologies such as storage lockers where their activities are not easily monitored by third parties.

Downloading and uploading copyrighted material without the owners’ approval is illegal; people should follow the law and artists should get properly compensated for their work. (It is also against the Northeastern Acceptable Use Policy that you agree to when connecting to the NU network.)

However, programs like “six-strikes” have historically not resulted in the intended goal of reducing piracy and increasing sales. The minority of Internet users who pirate media will likely develop new technologies and methods to circumvent the monitoring nets. Implementation of blanket punitive measures where the accused are presumed guilty could be seen as hurting the majority and doing little to stop piracy.

Posted in Safe Computing | Comments closed

NSA Fact Sheet – Keeping Your Home Network Secure

The National Security Agency (NSA) through their public Information Assurance program has released a set of guidelines on how to keep your home (or residence hall) network and computers secure.

Topics Include:

  • Securing Windows best practices
  • Securing Apple best practices
  • Home network design and implementation recommendations
  • Home network wireless setup
  • Secure wireless use in public
  • Email best practices
  • Password management
  • Secure web browsing and PDF reading

These tips and recommendations provide great advice for securing your home and personal information against identity thieves, criminals, and viruses.

Read the Fact Sheet: Keeping Your Home Network Secure

More information on the NSA’s: Information Assurance Mission

Posted in Safe Computing | Comments closed

On Java, Apple, Facebook, and New Critical Updates

This past year has not been a good one for Oracle’s Java platform. There have been numerous reports of security holes in Java that allow malicious users to infiltrate your computer, steal information, and install malware. Java has been disabled and re-enabled on Apple computers, and users are repeatedly told to install the latest updates to keep their computer safe.

Last week, two tech heavyweights, Apple and Facebook, reluctantly admitted that computers on their networks were hacked as a result of a Java exploit.

A statement from Apple to Reuters:

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers”

From Arstechnica on Facebook:

“Facebook officials said they recently discovered that computers belonging to several of its engineers had been hacked using a zero-day Java attack that installed a collection of previously unseen malware.”

In response to, or as a result of, these high-profile breaches, on Tuesday February 19 Oracle released Critical Patch Update 7u15 to fix five security vulnerabilities, including ones that would allow remote attackers to compromise the computer.

From Oracle:

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

SecureNU recommends that users install the latest update to Java to help protect their computers.

Instructions on: How to Update Java for both Apple and PCs.

[Editor’s Note: By now you are probably feeling tired of constantly installing Java updates. I too am frustrated with the insecurity of Java coupled with the requirement that I must use it for regular business activities.

Unfortunately, until there is a permanent fix to these problems, we users will have to continually apply available patches in order to secure our computers. Another way to think of it: every time you install the update you are doing your small part in keeping the University and its community safe from criminals, thieves, and all around bad people. Security is everyone’s responsibility and each of us must do what we can to maintain a safe and productive environment.]

More Information:

US-CERT ALERT (TA13-051A) – Oracle Java Multiple Vulnerabilities

Posted in Java, Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed

Microsoft Releases Critical Windows Updates


On Tuesday February 13, Microsoft released 57 updates to close security holes in Windows 7 and XP, Office, Internet Explorer, and .NET. Many of these updates are considered CRITICAL, fixing holes that would allow attackers to take over your computer.

SecureNU recommends that you run Windows Update immediately. (Note: NU-managed machines will be updated automatically; you do not need to manually update your computer.)

Instructions from Microsoft on how to manually install Windows Updates:

1) Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.

2) In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

3) If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.

4) In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.

5) Click Install updates.

Read and accept the license terms, and then click Finish if the update requires it. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.

Please contact the Service Desk at 617-373-4357 or help@neu.edu for assistance.

Information on how to update Windows 7: http://windows.microsoft.com/en-US/windows7/Install-Windows-updates

Posted in Safe Computing | Comments closed

Java Patch Available, OS X Re-Enabled


Java has released its latest versions, Java 7 Update 13 and Java 6 Update 39. This new update will close various security holes in previous versions of Java and will allow Mac users to continue to use Java on their computers.

Update Java for Mac: http://java.com/en/download/apple.jsp

Update Java for PC: http://java.com/en (select “Free Java Download”)

IMPORTANT

When you install the update make sure you UNCHECK the following box:


This box is asking you to install a Browser Add-on that will only slow down your computer and is not needed for the update.

If You Do Not Need Java

If you do not need Java on your computer, it is best to uninstall it altogether. Java (not JavaScript) is used for many enterprise and educational applications such as Blackboard Collaborate, but is not used for everyday web browsing. If you do not need it for work or classes, uninstalling Java will prevent any future Java security vulnerabilities from threatening your computer.

More Information

Please read this post by Brian Krebs for more information on this update: http://krebsonsecurity.com/2013/02/critical-java-update-fixes-50-security-holes/

Posted in Java, Safe Computing | Comments closed