- Contacts taxpayers by mail. It doesn’t initiate contact via a random phone call.
- Doesn’t leave pre-recorded, urgent, or threatening voicemails.
- Never sends taxpayers emails or texts demanding personal or financial information.
- Never asks for a credit or debit card number over the phone.
- Doesn’t ask for payment with gift cards or prepaid debit cards.
- Mails paper bills to taxpayers who owe taxes, and payment should only be made payable to the U.S. Treasury — not a collection agency.
- Can’t revoke your driver’s license, business license, or immigration status.
- Can't threaten to have you arrested.
"We recalculated your tax refund, and you must fill out this form."
No, they didn’t, and no, you don’t. Ignore the alert.
"We're calling from the FDIC and need your bank information."
The FDIC will not call you. Keep your bank info private.
"We'll cancel your Social Security number."
Social security numbers can’t be canceled.
"This is the Bureau of Tax Enforcement, and we're putting a lien or levy on your assets."
What? They’re not legit. Delete the email or text message.
"Click here to see some details about your tax refund."
The IRS will only tell you to click on a text or email to confirm you’re trying to log into your account.
"You owe the federal student tax."
There is no such thing.
"If you don’t call us back, you’ll be arrested."
Even if your Caller ID says it’s the police, the caller is not from law enforcement.
Visit irs.gov (not irs.com, irs.org, irs.info, or any other variation of a web address) or call the IRS directly.
If you don’t have an online account with the IRS, set one up so no one else can do it in your name.
If you owe back taxes, you can pay or apply for an installment plan — directly with the IRS.
Ignore what the IRS calls "OIC mills," or offer-in-compromise mills claiming they can resolve a tax debt for little to no cost and settle with the IRS for less than owed.
Global cyber-attacks across North America grew 57% last year, says Check Point. The new study says attackers now tend to work in smaller, more nimble teams and often focus on stealing employees' passwords for Slack, Teams, OneDrive, and Google Drive to break into organizations. Employees and students who access the web using public Wi-Fi networks are at significant risk.
GoodRx has agreed to pay a $1.5 million fine for sharing users’ personal information, including information about prescriptions, personal health data, and contact information, with Google, Facebook, Twilio, and other advertisers. This, despite promising users their personal information would be kept private. MediaPost says GoodRx doesn’t admit wrongdoing and says the practice ended before federal regulations prohibited it.
Just because an ad appears at the top of Google search results doesn’t mean it’s safe. Ampere Industrial Security provides this example of an ad for video conferencing from “weebexx.space,” which takes the user to a website designed to steal passwords and credit card information. Google says that once it was notified, it removed the ad.
Recent editions of Aware Force Cybersecurity News from Xtreme Solutions
We view Aware Force from Xtreme Solutions as an extension of our commitment to keeping our clients informed and empowered.
Xtreme Solutions is powered by certified and highly experienced professionals in information technology, cybersecurity, and telecommunications services and solutions.
XSI's Cyber Range — I.C.E. (Integrated Cyber Environment) solution offers a virtual cyber defense environment designed to train cybersecurity professionals and decision-makers in securing national military and civilian networks against all forms of cyberattacks. The range is an integral component of Xtreme Solutions’ comprehensive cyber defense solutions.
Connect with us here.
"Recently, I have noticed unsuccessful login attempts from other countries for my personal e-mail. This is disconcerting, and I wonder what steps I should take to prevent unauthorized access."
That notification means fraudsters were trying to get into your account, but the password they used isn’t valid. This seems to be happening a lot with Facebook and LinkedIn accounts. It's a reminder to make sure your password is hard to guess — at least 12 characters long, a mix of letters, special characters, and numbers, and not used on any other account. And to be even more secure, set up 2-factor authentication if the account offers it. That’s where you’re texted a unique code every time and use it to sign in.
"I'm working from home using [my cable company's] technology plan. Should additional security be considered for my home modem / Wi-Fi?"
Cable companies have invested a lot in keeping you safe, but they can also track your online activity. Using a VPN makes those browsing habits private. You should always use VPN software on your laptop, tablet, or phone whenever using a Wi-Fi network outside your home or office. Two things to remember: some VPNs won’t work with certain cable modems, and VPNs slow your connection speed, particularly when you upload files.
"I store photos of all personal documents on my phone, and although my phone is protected with my fingerprint, couldn't someone bypass that by using 'emergency mode,' gain access, and see pictures of all the documents? Best practices were shared in a previous newsletter, but not a direct answer to whether they could gain access using emergency mode."
First, password-protect your phone using Face ID or fingerprint scan. Now, on an Android phone, open the Google Photos app. Tap the “Library” icon at the bottom, then “Set Up Locked Folder,” and follow the instructions. On an iPhone running Apple’s latest software (iOS 16), select the photo you want to protect. Click “Hide” and then “Hide Photo.” To see the photo, click the “Albums” tab at the bottom of the screen and select “Hidden.” If you get lost in the process, do a web search for “Hide Photos” and the type of phone you’re using.
Cyber cartoon © 2023 CartoonStock | Original content © 2023 Aware Force