Friday, December 16, 2011

7 Tips for Safe Social Networking

Written by: Jill Henderson, Cachet Marketing Manager

People, particularly parents, are well aware of the dangers of social networking in terms of personal attacks. But with social networking becoming more and more prevalent in both our business and personal lives, it's more important than ever to protect yourself against all types of cyber criminals. The following tips are great ways to minimize your risk exposure online:
  1. Password protection - Use a different password for social networking sites than you do for your email and financial accounts. Also, change your passwords frequently, and do not use names or numbers (such as birthdays) within your passwords that are publicly posted on your social networking profiles.
  2. Following and Friending - Be selective in who you connect to. Connecting with strangers on social networks is absolutely unnecessary in a personal arena, but in business, making contacts and expanding your referral network is important. Consider only connecting with people you know, friends of friends/colleagues, and people who work within your same industry or who share similar hobbies. Anyone can misrepresent themselves online, but being selective about who you connect to can help limit the threats to your accounts and personal information.
  3. Links - Don't click on suspicious status updates, articles or links. If your Great Uncle, who only listens to Frank and the rest of the Rat Pack, starts tweeting about Justin Bieber... he's probably been hacked. Don't perpetuate the security breach by clicking and risking your accounts as well.
  4. Oops! I Clicked - If you must (or accidentally) click on your "Great Uncle's" Justin Bieber tweet and it takes you to another page asking for personal information or passwords, do not provide the information!
  5. Privacy Settings - Make sure that you set your privacy settings when creating your social networking profiles and update them regularly. Social media sites are constantly adding and changing security and sharing features; checking your settings regularly will allow you to share or hide personal information at a level that is comfortable for you.
  6. Security Software - Make sure the security software on your computer and handheld devices is up to date.
  7. Checking In - Publicly posting your location or weekend/vacation plans can open you or your home up to criminal attacks. If you're going on vacation and you are excited to tell your friends and family all about it, consider waiting until you return from your vacation or limit the people who can see that particular post... otherwise you could arrive home to an empty house. Do you have a "crazy" ex that you want to stay away from? Checking In around town lets them know where you are; if you don't want people to find you, don't tell them where you are.

Friday, December 2, 2011

Email Security and Phishing

Written by: Nixon Adoyo, PTM Tax Client Services Manager

Phishing perpetrators continue their unrelenting assault on businesses in a bid to illegally gain access to and extract data from companies so they can further their criminal activities. The Payroll Service Industry seems to be dealing with a new barrage of attacks that have continuously evolved and progressed in sophistication in an attempt to fool unsuspecting organizations into granting access to vital data.

Attackers seem to be stepping outside known “bait” methods and email formats that could easily be identified and flagged. Instead, they are using email addresses and domain names that mimic known and respected organizations like the IRS, NACHA, BBB and even USPS.

Earlier this year, the Electronic Payments Association received reports that companies and individuals were receiving fraudulent emails that appeared to have been sent from the National Automated Clearing House Association (NACHA). The reported emails were sent to unsuspecting individuals and organizations, advising of electronic payments that had been rejected, flagged or blocked by the Clearing House Association.

Instructions in these emails advised recipients to open attachments for more details on the blocked transactions mentioned. Once the email or attachments were opened, malware attached to the emails infected the victims' systems, successfully completing its intended task.

The National Automated Clearing House Association (NACHA) released an alert in March 2011 advising organizations of the phishing emails. In an excerpt taken from its website, NACHA stated that it was aware of emails varying in content that appeared to be transmitted from email addresses associated with the NACHA domain (@nacha.org). These emails later began listing addresses with fictitious names of NACHA employees and/or departments, as shown in this example: jdoe@nacha.org.

The notification went on to clarify that NACHA itself does not process or touch ACH transactions that flow to and from organizations and financial institutions. NACHA also does not send communications to persons or organizations about individual ACH transactions that they originate or receive. While Payroll Tax Management notified clients about these emails, complete details are available on NACHA's website.

The Internal Revenue Service and the Federal Deposit Insurance Corporation have also released publications on their websites about phishing emails created to seem like they come from their domains. These publications detail the nature of the emails and how to identify, contain and report the problem.

So far, the names of the following organizations have been used in these phishing scams.

  • BBB - Better Business Bureau
  • FDIC - Federal Deposit Insurance Corporation
  • IRS - Internal Revenue Service
  • NACHA - National Automated Clearing House Association
  • USPS - United States Postal Service

To protect our internal assets and client data, Payroll Tax Management (PTM) employs security software programs to monitor its system and to identify unauthorized attempts to upload or alter information. Email procedures and training equip employees with the ability to identify phishing emails. The importance of training lies in making everyone aware of these ever-evolving phishing attacks, along with a better understanding of how all the organizations we transact with communicate. With this knowledge, it becomes that much easier for everyone to help flag suspect communication methods.

Payroll Tax Management has also implemented policies and procedures that have helped identify emails that may not have been flagged as spam but appear suspect. Continuous education of and communication to employees have helped defeat these attacks. Employees are constantly aware that suspect emails with attachments and/or links to Web pages host malicious code and software. For this reason, they do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate.

Forwarded emails from known parties that seem suspicious or otherwise unusual are handled the same way: the messages are verified first by contacting the sending party by phone before actually opening them. Learning about the organizations that handle our transactions and their methods of communication also helps identify these fraudulent emails. The IRS and other prominent organizations like NACHA or FDIC state they do not send or solicit information by email.

We hope this information helps our clients and partners protect their systems from these attacks.