These quick-to-read Security Tips just might save your practice! We’ll change them monthly and keep you up to date on the newest threats and alerts as well as good advice.
February 2019: We’re seeing a new variant of an old scam. Here’s what happens: a secretary gets an e-mail from her boss – who is traveling – to please send him, as soon as possible, scanned copies of all the W2s the company issued at the end of January. The message appears to come from her manager, including having what looks like his actual e-mail address when she looks at it in Outlook. She gets suspicious – she has just talked to her boss on the phone that morning, and he never mentioned needing that information. Before she collects the W2 PDFs that are on the HR drive, she decides to text her boss and check on it. Great catch! The boss never requested that information. Had she not been proactive and instead just completed the task assigned to her, she would have given a scammer all of the confidential information that is on a federal W2 form for every employee in her firm! The scammer likely would have used the information to commit identity theft and/or file false returns next year to claim the refund.
Always be vigilant and proactive – it’s better to be suspicious and double-check everything when dealing with confidential information. When you do need to send that kind of detail, try to provide it in an encrypted e-mail, or at minimum with a password on the files (and don’t include the password in the body of the e-mail!). The few extra minutes it takes could save months of heartache for all of your employees.
Social engineering is big business. What is it? Figuring out who you are and then using that information to make money off of it. People list the answers to password challenge and identity verification questions publicly or at least freely on their Instagram, Twitter and Facebook pages and feeds without giving it a second thought. Maiden name? Check. Favorite pet? Check. High school? Check. Town they grew up in? Check. Favorite or first car? Check. Throwback Thursday is a social engineer’s dream! They love this stuff. Combat it by always giving false password and identity challenge and verification information to the sites and services that require it. Keep the answer file off-line or at least in a format that’s not easily guessed. Remember, if it’s a handwritten list, you can still take a photo of it.
Here’s a tip that just might save your bacon: set up withdrawal alerts on your bank accounts. Many banks will send you an e-mail alert whenever money is withdrawn from your account via check, debit card or transfer. Setting up those alerts will allow you to spot and report fraudulent activity BEFORE the money has already been siphoned into a cybercriminal’s hands.