Tag Archives: identity theft

Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods.

Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec

The Dirty Dozen tax scams: Identity theft, phone scams and phishing schemes, oh my!

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

It’s that time of the year again – tax season is upon us.

Recently, the Internal Revenue Service wrapped up its annual “Dirty Dozen” list of tax scams. This year, identity theft topped the list, but phone scams and phishing schemes also deserve special mentions. It’s important that taxpayers guard against ploys to steal their personal information, scam them out of money or talk them into engaging in questionable behavior with their taxes. While discussing the topic of tax scams, IRS Commissioner John Koskinen said:

“We are working hard to protect taxpayers from identity theft and other scams this filing season. . .Taxpayers have rights and should not be frightened into providing personal information or money to someone over the phone or in an email. We urge taxpayers to help protect themselves from scams — old and new.”

In addition to releasing the “Dirty Dozen” list, the IRS has also renewed a consumer alert for email schemes. This renewal came after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season.

We encourage taxpayers to review the list in a special section on IRS.gov and be on the lookout for the many different forms of tax scams. Many of these con games peak during filing season as people prepare their tax returns or hire someone to do so.

Taking a closer look at this year’s “Dirty Dozen” scams

Here‘s what you should keep your eyes open for throughout this tax season:

Identity theft: Taxpayers need to watch out for identity theft — especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number. Though the agency is making progress on this front, taxpayers still need to be extremely careful and do everything they can to avoid being victimized.

Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as scam artists threaten taxpayers with police arrest, deportation and license revocation, among other things.

Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never send taxpayers an email about a bill or refund out of the blue, so don’t click on one claiming to be from the IRS.

Return preparer fraud: Be on the lookout for unscrupulous return preparers. The vast majority of tax professionals provide honest high-quality service, but there are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.

Offshore tax avoidance: The recent string of successful enforcement actions against offshore tax cheats and the financial organizations that help them shows that it’s a bad bet to hide money and income offshore. Taxpayers are best served by coming in voluntarily and getting caught up on their tax-filing responsibilities.

Inflated refund claims: Be wary of anyone who asks taxpayers to sign a blank return, promises a big refund before looking at their records, or charges fees based on a percentage of the refund. Scam artists use flyers, ads, phony store fronts and word of mouth via trusted community groups to find victims.

Fake charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities.

Falsely padding deductions on returns: Taxpayers should avoid the temptation of falsely inflating deductions or expenses on their returns to under pay what they owe or possibly receive larger refunds.

Excessive claims for business credits: Avoid improperly claiming the fuel tax credit, a tax benefit generally not available to most taxpayers. The credit is generally limited to off-highway business use, including use in farming. Taxpayers should also avoid misuse of the research credit.

Falsifying income to claim credits: Don’t invent income to wrongly qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers are sometimes talked into doing this by scam artists. This scam can lead to taxpayers facing big bills to pay back taxes, interest and penalties and in some cases, criminal prosecution.

Abusive tax shelters: Don’t use abusive tax structures to avoid paying taxes. The vast majority of taxpayers pay their fair share, and everyone should be on the lookout for people peddling tax shelters that sound too good to be true. When in doubt, taxpayers should seek an independent opinion regarding complex products they are offered.

Frivolous tax arguments: Don’t use frivolous tax arguments in an effort to avoid paying tax. Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims even though they are wrong and have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.

Proceed with caution while filing taxes

Perpetrators of illegal scams can face significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice to shut down scams and prosecute the criminals behind them. Taxpayers should remember that they are legally responsible for what is on their tax return even if it is prepared by someone else. Be sure the preparer is up to the task.

For more information about tax scams, check out the IRS on YouTube.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Digital toy company hack exposes information and risks kids’ privacy

Internet-connected toys gather data on the user and have weak security compared to other computer products.

vtech-innotab

Data stolen from children today can be used to build profiles that will cause trouble for them in the future

Digital devices and toys like cameras, smartwatches, and tablets may be on your child’s Christmas wish list. But more parents are having second thoughts about placing these items under the tree, because Internet-connected toys gather data on the user and have weak security compared to other computer products.

6 million children’s accounts taken by a hacker

This weakness was made very public during the Black Friday shopping bonanza, when a Hong Kong-based digital toy company called VTech lost databases of more than 6 million children and almost 5 million connected parental accounts to a hacker.

By putting the databases together the hacker was able to retrieve personally identifiable information like children’s names, ages, and genders, and even pictures and chat logs were found. Parents’ names, email addresses, secret questions and answers, IP addresses, encrypted passwords, and mailing addresses were also accessed. Supposedly the breach did not include credit card or financial account information exposure.

The hacker responsible for breaking into the VTech databases told Motherboard that his only intention was to expose the company’s inadequate security practices. There has been no indication or evidence that the data has been put up for sale on hacker forums.

“Profiting from database dumps is not something I do,” the hacker told Lorenzo Franceschi-Bicchierai, a staff writer at VICE Motherboard. “I just want issues made aware of and fixed.”

The company has taken several of its sites and services offline after the breach and hired a security company to improve data security.

Do parents have anything to worry about?

Most parents probably have no idea that their children’s data can be compromised, or that there is even anything to worry about. But the danger with stealing even basic pieces of information from a child, is that cybercrooks can begin early to build profiles, setting up the young child for identity theft or other nefarious activities in the future.

“Nowadays it sometimes happens that sophisticated fraudsters use children’s data later on, when they come of age, and establish a credit record or ‘credit footprint’ without the child even knowing it,” Diarmuid Thoma, from security firm Trustev, told ZDNet after the hack was exposed.

The Identity Project, a website which educates people about identity theft, share some potential real-life consequences when a child’s identity gets stolen.

    1. 1. Young adults could be denied the first credit card they apply for because their credit history will show odd behavior.
    2. 2. Their first medical emergency can have incorrect information, because cybercrooks have used it for medical services.
    3. 3. Their DMV records may be tied to criminal activity, which could complicate their license application.
    4. 4. They will be denied a college loan to pay for school.
    5. 5. They will be denied their first apartment and utilities because their credit check fails.

Should parents stop buying internet-connected toys?

With this type of breach made public, parents will now realize the danger that internet-connected toys at home, and even educational technology used at school, may pose to their children in the future because of the lack of security today.

Refraining from purchasing digital items will actually get harder as the Internet of Things universe expands.

We have already become used to sharing personal information in order to get a better experience, so until children’s online protection improves, parents will have to balance the importance of the information they are willing to give up against the benefits of having it used by a company that provides services (think Google or shopping sites) and factor in the level of risk they are willing to tolerate.

image via http://digisns.com/


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

How to avoid Efast Browser, the latest adware to hit Chrome

Efast adware browser

Another day, another malware to tackle. It seems that hackers are churning out new ways to trick us on a weekly basis as security researchers have uncovered the latest threat to Internet users. Despite the likes of Google strengthening its security to combat these attacks, the culprits are continuously changing and adapting, and this latest adware has the potential to lead to serious privacy issues and even identity theft.

Named eFast Browser, this new adware seemingly works in the same way as many similar adwares that we’ve seen in the past – it bombards your browser with annoying pop-ups and redirects you to unwanted websites, while tracking your every move online, allowing more frustrating advertisements to be sent your way. What makes eFast Browser unique, however, is that unlike previous adwares which looked to take over your current browser, it actively sets out to replace your browser by deleting Chrome and taking its place. In doing so, it hijacks as many links and file associations as possible and features an icon that bears more than a passing resemblance to the Chrome icon.

The software comes from a company calling itself Clara Labs, which is also behind other similar browsers such as BoBrowser, Tortuga, and Unico. All claim to be legitimate and improve the Internet browsing experience yet none provide the functionality promised. The developers state that eFast Browser is a legitimate chromium-based web browser that largely improves the Internet browsing experience by generating the most relevant search results, displaying special deals or discounts available on shopping websites, etc. However, users need to be aware that adware-type applications such as eFast Browser are solely designed to generate revenue for the developers with little care for the user experience.

adware desktop

The most worrying aspect of this malicious adware is that it gathers information on your browsing which it then shares with third parties. The data that it gathers has the potential to be personally identifiable which, in turn, could lead to problems such as identity theft.

According to PCrisk, the adware tries to get on your computer by burrowing itself into the installers for free software from dubious sources on the web. The experts recommend a two-step process to avoid accidentally installing eFast Browser and other potentially unwanted programs (PUPs) on your computer. You should “never rush when downloading and installing software – use the ‘Custom’ or ‘Advanced’ settings and closely analyze all steps. Furthermore, all additionally-included applications should be cancelled, since bundled software is often classed as rogue, and thus, should never be installed.”

As always, when you are using the Internet it pays to be cautious. By following a few simple steps you can be assured that your online experience won’t turn out to be a frightening one. Cybercriminals are lurking in every part of the web, so always keep your eyes peeled!

The post How to avoid Efast Browser, the latest adware to hit Chrome appeared first on MediaCenter Panda Security.

#ShredFest helping protect against Identity Theft

It’s no secret that personal data and private information left lying about, either in physical or digital form, can be used by thieves to steal your identity.  The problem is that securely destroying old documents, especially if you have boxes and boxes of them, can be time-consuming and frustrating.

And if you don’t destroy your data securely the consequences of being a victim to identity theft can range from outright theft of money, to unexplained debts, leaving you feeling like somebody else has taken over your life.

But thanks to a growing movement called #ShredFest originally from New York, things might get a little easier. It’s a subsidised program designed to provide secure document destruction free-of-charge. You might already have something similar in your local area, sometimes run by local banks and communities once or twice a year – or perhaps this is your opportunity to make-it-happen!

The statistics on Identity theft are nothing short of shocking. In the United States the Federal Trade Commission reports that in 2014 it received 332,646 complaints making ID theft the number one reported crime for the 15th year in a row. 

Stolen identities used in the United States in 2014 were used mostly for Government and benefits related fraud (30%) followed by Credit Card fraud (26%), Phone/Utilities fraud (16%) and Bank fraud (10%).

With the ability for criminals to collude easily on a global scale, it’s not inconceivable that we will see ID theft attempts in the future combine information obtained from the litany of online data breaches (for example, Ashley Madison), along with tidbits obtained through “dumpster diving” right at your own back door.

Fortunately, with a few simple precautions and some dedication to properly destroying the remnants of your online correspondence, and other important paperwork (that you’re no longer required to keep by law), you should be able to reduce the risk of ID theft happening to you.

Destroying Physical Documents

Got boxes of documents that you should be securely destroying? Despite #ShredFest only being available in a small number of locations at the moment, a quick search online reveals many companies that provide shredding services for a small fee.

But weighed up against the risk of ID theft against you at any time, it may well be worth it at any cost; and think of how a quick trip to your local shredding depot with a car-load of documents is not only going to put your mind at ease – but all that storage space you’ll get back at home!

Another alternative is to purchase your own document shredder – something that I have owned for many years and highly recommend – however, those boxes of tax paperwork may still be inescapable, so an annual trip to #ShredFest is likely still needed.

If you do purchase your own shredder, however, consider one that has a “cross-cut” feature (that cuts the paper into smaller pieces) which is considered a little more secure, and also there are models that can shred old CD-ROMS and DVDs which can come in handy.

Shredding Computer Files

Did you know that selecting a file and pressing delete, or simply moving the file to the trash (even after you empty it) isn’t enough to securely remove it?  It’s important to understand how to securely delete digital files on all your devices – not just your PCs, but also Mobile devices.

We’ve covered in the past how easy it is to use features like AVG’s File Shredder which can overwrite your private and personal files multiple times to ensure they cannot be recovered again.

Also if you’re recycling your old PC’s or Mobile devices, including disposing of them permanently, ensure you have taken all reasonable steps to correctly erase the data on them – this sometimes isn’t as easy as a simple factory-reset, particularly with older Android mobile devices.

Lastly, if you have an online email account (such as Gmail, Yahoo or Outlook.com) you’re likely holding on to years worth of old email that could prove to be extremely valuable to an ID thief.  As I suggest in these tips about securing your online email account, make sure you purge all your old and unwanted email too.

Until next time, stay safe out there.

Shopping online just got a little more risky

One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy and steal credit card data or any other data a customer submits to the system. More than 100,000+ merchants all over the world use Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.

The company that discovered the flaws, Securi Security, says in their blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”

Minimize your risk for identity theft when shopping online

Minimize your risk for identity theft when shopping online

Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chic Fil A.

We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.

But this kind of hack occurs on trusted websites and show no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.

So how do you minimize the risk of online shopping?

  • Use a payment service or your credit card– Experts agree that payment services like PayPal are safe because of their security practices and the encryption technology they use. Just don’t link it to your checking account. Link it to a credit card so you get your credit card’s fraud protections in addition to PayPal’s. If you only use a credit card, designate one card for online purchases so if something unusual happens, you don’t have to track down all your other cards.
  • Keep a paper trail – Once you place your order, print or save records of the transaction. Check your credit card statement to make sure transactions match and there were no unauthorized charges.
  • Avoid shopping while using public Wi-Fi – Unsecure public Wi-Fi hotspots do not give you any protection from hackers who want to monitor what you are doing online. It’s not difficult for someone to intercept and modify communications between you and another site. If you have to do it, then use a Virtual Private Network (VPN) so your communications will be encrypted.

What to do if you are caught in a data breach

  1. Get a new card – Either get a replacement card from the company or close your account.
  2. Change your passwords – If you have an account or have done business with any company that falls victim to a breach, then change your password ASAP. It’s a good idea to change all your passwords because hackers sell them to other cybercrooks.
  3. Monitor your bank and credit card statements – Don’t wait for your monthly statement to arrive in the mail. By then, a cybercrook could have done major damage. Check your online statement until your new card arrives. If you see any suspicious charges, report it immediately.
  4. Freeze your credit – you can request that your credit report be frozen from the three main credit bureaus; Equifax, Experian and TransUnion. This way, no one can access your credit report without your approval.