Alerts & Notices

Tax Fraud Alert 2018

Tax Season is in full force and with that comes phishing scams. Phishing emails are going around that can secretly download malicious software that can help cyber criminals steal client data. The IRS has already identified a new scam that began with cyber criminals stealing data from several tax practitioners’ computers and filing fraudulent tax returns.

Tax-related phishing emails are trying to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.

Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.

The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information.

We encourage all taxpayers to review the IC3 Alert page more information.

Winter Olympics 2018

During the 2018 Olympic Games in Pyenongchang, be aware of cybersecurity risks. At high profile events, cyber criminals may attempt to steal personal identifiable information for financial gain.

NCCIC/US-CERT encourages users to protect themselves against these risks. Risk are high in portable devices such as smart phones and tablets.

Some ways you can protect yourself:

  • Switch off Wi-Fi and Bluetooth connections when not in use
  • Use a credit card to pay for online goods and services 
  • When using a public or unsecured wireless connection, avoid using sites and applications that require personal information.
  • Update mobile software.
  • Use strong PINs and passwords.

Social Security Scam:

Reports from the Federal Trade Commission are reporting of a new Social Security Scam. Scammers are calling and claiming to be from the Social Security Administration. They say there is a problem with their computers and they need you to verify your Social Security number. 

There are also spoof websites that look like a place where you would apply for a new Social Security Card-These websites are just a set-up to steal your personal information.

If you get a phone call or are directed to a website other than that is claiming to be associated with the Social Security Administration, Do Not Respond!! Its most likely a scam.

Some Tips:

  • Do Not Give the caller your information-Never give out or confirm sensitive information.
  • Do Not trust a name or number-To make their call seem legitimate, scammers use internet technology to spoof their area code.
  • Check with the Social Security Administration-Call them directly at 1-800-772-1213 if you come across one of these scams and report it to the 

Meltdown and Spectre

Researchers have recently found out that the main chip in most computers has a hardware bug. It's a design flaw in the hardware that has been there for 20 years. This is a big deal because it affects almost every computer, phone, tablet etc. 
This hardware bug allows malicious programs to steal data that is being processed in your computer memory. So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good. 

Make Sure your Browser and other computer updates are patched to the latest version. Be extra vigilant and as always Think Before You Click!

Happy Holidays!!

The Holidays season is officially underway. May we all have a Happy, Healthy and Holiday season. With that being said, the man wearing the Santa hat is not the only one we have to worry about! During this holiday season please make sure you are aware of all the possible scams out there. Those guys do not care if you are on the Nice or Naughty list.

Here are some tips to keep in mind: Holiday Traveling with personal Internet-Enabled Devices

  • Do Not use public Wi-Fi networks
  • Turn off Bluetooth when not in use 
  • Be cautious when charging
  • Don't fall victim to phishing scams
  • Keep a close eye on your account activity

More Information

Netflix Subscription E-mail Scam:

Another reason to THINK BEFORE YOU CLICK, Scammers are now emailing Netflix subscribers. You will get an E-mail that says your Netflix account has been suspended, they are trying to get your login information and your credit card data. Do not Fall for this scam. If you ever need to change your subscription settings, log into your account from your browser. Never Click on any links in E-mails that you are not familiar with. 

Equifax Data Breach 2017:

There has been a massive data breach at Equifax, one of the largest credit reporting agencies in the country. This breach could affect the personal information of up to 143 Million consumers. Attackers have obtained names, Social Security numbers, birth dates, addresses, Driver's License numbers and Credit card numbers. 

Equifax established a dedicated website to help you determine if your were impacted. You can also sign up through them for credit file monitoring and identity theft protection use the Equifax Security button below. This site is okay and safe to visit. But watch out for fakes that scammers may send you.

Equifax Security

To Protect yourself from potential fraud:

  • Review your account activity using online banking, mobile banking, or telephone banking. As a reminder, you can setup account alerts through online and mobile banking.
  • Equifax is promoting their own credit monitoring service, TrustedID free for one year but may require payment after that. 
  • LifeLock is a more well-known option for monitoring new credit applications under your identity, but it is not free. 
  • We advise you place a credit freeze at each credit bureau. A credit freeze is more effective because it blocks new credit applications under your identity, until you request the freeze to be lifted.
  • You can also set up Fraud alerts, A fraud alert requires potential creditors to contact you and obtain your permission before opening new lines of credit in your name. You are allowed by law to file a fraud alert, however they usually only last for 90 days.

    Credit Freeze and Fraud Watch Websites: EquifaxExperianInnovisTransunion

    • You can also request free credit reports, this will show all your lines of credit and other debt obligations, along with lots of date. You can check your credit report once a year at each bureau using this link: Annual Credit Report Tip: Request a report from one service bureau, and then continue down the list every three months for coverage throughout the year.

    There are possible Equifax scams going around, Equifax is not calling you to verify your account information. For more information on possible scams visit the FTC website.

    Hurricane Related Scams:

    In the middle of one of the worst Hurricane seasons we needto use caution of various scams targeting both victims and donors. You may receive an email that seems like itis from a trusted source. Disaster-related phishing emails are tricking usersto enter sensitive information. These emails may contain links and attachmentsthat might direct you to a malware infected site.

    • Be cautious of social media sites with links to donate,calls, text, and even door to door solicitations.
    • Be suspicious of unsolicited phone calls, visits, or emailmessages from individuals asking for personal information
    • Do not reveal personal information in email, and do notrespond to email solicitations for this information. This includes followinglinks sent in email.
    • Don't send sensitive information over the Internet beforechecking a website's security.
    • Never wire money to someone claiming to be a charity.Scammers often request donations to be wired because wiring money is likesending cash: once you send it, you can’t get it back.
    • Never send cash donations. For security and tax purposes,it’s best to pay by check — made payable to the charity — or by credit card.
    • Do not provide your credit or check card number, bankaccount number or any personal information until you’ve thoroughly researchedthe charity.

    If you think you’ve been the victim of a charity scam, please file a complaint with the Federal Trade Commission. The Federal Trade Commission

    Publishers Clearing House Scams:

    We are all familiar with Publishers Clearing House knocking on someone's door, congratulating you for your winnings and handing you a check for millions. The FTC has released a statement that warns you about possible scams involving Publishers Clearing House. Scammers are pretending to be them and tricking people into sending money.

    There have been many reports about scammers calling and claiming you have won the sweepstakes, but they will need you to send money for "fees and taxes". 

    Paying to collect a prize is a scam. Always is. Scammers like to ask you to send money by Western Union or MoneyGram or by getting a prepaid card or gift card. Why? because it is nearly impossible to trace that money and you will almost never get your money back.

    If you think you have won a prize, here are a few things to know:

    • No Legit prize is promoter will ever charge you to win.
    • If anyone calls asking you to pay for a prize, hang up and report it to the FTC.
    • Never send money to collect a prize. Its a scam
    • Publisher's Clearing House does not call ahead to say you have won.

    if you or someone you know believes they have been victim of a scam, please report it to your institution, 

    Phishing Scams Summer Edition

    It might be time for Summer Vacation but the bad guys never take a break. During these summer holidays make sure you are still aware of all the possible scams out there. 

    These are some of the most recent Phishing scams emails you might receive :

    • Microsoft/Office 365: Secure your Microsoft Email Now-This message spoofs Microsoft and advises users to reconfirm ownership of their account by clicking a malicious link.
    • Outlook/McAfee notification and attempts to trick the user into clicking a malicious link to comply with their account requirements.
    • Summons Notification: This shocking message informs the user they've violated a Federal Law and provides a malicious link that they need to click on to download more information. 
    • Western Union:Too many login attempts on your account. This message contains a malicious HTML file that is disguised as updated software and safety precautions the user must follow for security reasons. 
    • Message from Microsoft:Upgrade to our advanced secure server to prevent phishing attacks-this message contains a malicious link which the user is prompted to click on to migrate to a newer, more secure email platform.
    • American Express: you have a new message-This message advises the user that their personal security key has expired and that they must verify their information by clicking on a malicious link.

    *Always be cautious when opening emails from an unknown sender*

    Google Docs Phishing Campaign

    A Phishing campaign Involving Google emails accounts and Docs, is concerning and you need to proceed with caution. The emails appear to be a legitimate Google user inviting you to view a document or file. It is actually authorizing authentication to a malicious party to harvest your credentials.

    When it comes to this scam, before clicking on the "Open" or "View" take these steps into consideration:

    1.  Are you expecting email from this user, more specifically a document?
    2. Is this coming from a legitimate person?
    3. Does the Document have misspelled words/bad grammar within the subject line or the body
    4. Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently
    5. Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
    6. Before clicking on any e-mail please make sure you know who the sender is. As Always think before you click and be cautious.

    Fake Check Scams

    Scammers know how to make a phony check look legitimate. Fake Checks are known as one of the most popular scams and one of the most risky ones. Fake check scams come in many different ways. Look out for fake jobs, Prizes, online sales or even the person next door handing you a check. Money orders and cashier's checks can be counterfeited too.

    Here is how to avoid a counterfeit check scam;

    • Throw away any offer that asks you to pay fro a prize or a gift. If its free or a gift, you shouldn't have to pay for it. Free is Free.
    • Resist the urge to enter foreign lotteries. It's illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
    • Know you you are dealing with, and never wire money to strangers.
    • If you are selling something, do not accept a check for more than the selling price, no matter how tempting the offer or how convincing the story is. Ask the buyer to write the check for the correct amount. If the buyer refuses to sent the correct amount, return the check. Do not sent the merchandise.
    • If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that is not possible, call the bank where the check was issued and ask if its valid. 
    • If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers do not pressure you to send money by wire transfer services. In addition, you have little recourse if there is a problem with a wire transaction.
    • Resist any pressure to "act now". If the buyer's offer is good now, it should be good after the check clears.

    Tips to Prevent Tax ID Fraud

    With the 2017 Tax season upon us it is important to take some precaution to protect yourself from being affected by fraud. Here are some Helpful tips to keep in mind as you file for your taxes.

    • File as soon as you can 
    • File on a protected WiFi network
    • Use a secure mailbox
    • File with someone you trust
    • Shred what you don't need 
    • Beware of Phishing scams by email, text, or phone
    •  Keep an eye out for missing mail

    If you believe you are a victim of tax identity theft or if the IRS denies your tax return because one has previously been filed under your name, alert the IRS Identity Protection Specialized Unit at 1-800-908-4490

    you should also:

    • Respond to any IRS notice
    • Contact your bank immediately
    •  Continue to pay your taxes, even if you must do so by paper 

    Safe and Secure Online-Seniors 

    Learn how to be safe and secure while connecting with friends and family in this new digital age.

    • Always think before you click.
    • Make sure you keep your computer and software updated. 
    • Create Strong and unique passwords.
    • Do not post sensitive information on social media sites.
    • Know who you are speaking and connecting with.
    • It is better to question what you see in e-mails and pop-ups.
    • Be mindful of email and phone call fraud attempts. 
    • Like always "if it seems too good to be true, it probably is"

    More Information

    Cyber Security Awareness


    The Following are some tips so you and your personal information is secure:

    • Always be suspicious of unsolicited phone calls
    • Never Open emails from unknown senders. 

    • Be careful, read the email and look for grammar errors and misspelled words.
    • Install security software and keep it up to date 
    • Back up any data and scan your systems regularly
    • Do not Post or provide personal information, such as addresses, phone numbers, social security etc.
    • Make Passwords long and strong
    • Always be smart about using your devices; do not connect to unknown WiFi connections.

    More Information

    IRS Phishing and Online Scams:

    Please be aware a combination of calls, emails and text messages that appear to be from the IRS are going around. The IRS does not initiate contact with taxpayers by email, text, or social media. They are trying to lure people to a malicious website or to provide personal and financial information. Always know who your are speaking with or what sites you are clicking on.

    • Don't Reply to unknown emails or text

    • Don't open any attachments

    • Don't click on any links 
    • Be Skeptical; it’s best to doubt the legitimacy of the call
    • Always check the source
    • Never send money to receive money 

    More Information

    Visit Colonial Federal's Privacy & Security page for security tips and your responsibilities.