VIPRE Security News Vol. 1 | Issue 1
VIPRE Security News
From the Editor
Welcome to the first issue of the new VIPRE Security News, ThreatTrackâ€™s consumer-focused newsletter. Each month, the newsletter will bring you security news from around the net, provide information about browsers and operating systems, and offer some useful advice. In addition, we will have main features on a topical issue.
Our main features this month center on an issue dear to everyoneâ€™s heart and pocket...tax. As you probably know, itâ€™s time to pay your taxes or at least file those dreaded tax forms. To complicate matters, scam artists are especially active during this time of year, trying to steal your identify and money.
We hope you find the newsletter interesting and informative. As we created VIPRE Security News for people like you -- owners of our consumer products -- we want it to be relevant to your security interests and needs.
Please give us your feedback and ideas, so we can make the newsletter as useful and enjoyable as possible.
John-Erich G. Mantius
Director of Consumer Business
VIPRE Antivirus Software and Mobile Security
Security News Room
Your Car Has Been Hacked?!?
The brain inside your car -- aka the computer that controls the many features and safety systems of your vehicle -- can be hacked just like any other computer.
And, the hacking can be done relatively easily and inexpensively, according to recent work done by Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera.
The Spanish pair, who will present their research at the upcoming Black Hat Asia security conference, created a device smaller than a smartphone that can hack a carâ€™s central computer and sabotage its functions. They built it for about $20, using off-the-shelf parts.
When the device is connected to a car, it causes windows, headlights, and even crucial functions such as brakes and power steering to malfunction. Once attached, the device draws power from the vehicle's electrical systems and connects to a carâ€™s onboard network called a Controller Area Network (CAN bus), which coordinates and operates all of a carâ€™s key features and functions.
The device connects to the CAN bus via four wires which are used to input commands over Bluetooth from an attack computer. Vazquez-Vidal and Garcia Illera call the device the CAN Hacking Tool, or CHT.
The goal of the research is to alert car manufacturers to the security vulnerabilities of their vehicles, as Vazquez-Vidal pointed out in a recent interview with Forbes.
Obama Administration Seeks Strong Cyber Security Law
After two high-profile data breaches at Neiman Marcus and Target near the end of 2013, the Obama administration recently recommended a uniform federal standard requiring businesses to promptly report thefts of personal electronic information.
Assistant Attorney General Mythili Raman told a Senate Judiciary Committee hearing in January that businesses should be required to provide quick notice to consumers in the wake of a breach.
"American consumers should know when they are at risk of identify theft or other harms because of a data security breach,â€ she said.
The hearing began with Targetâ€™s Chief Financial Officer John Mulligan noting -- and apologizing for -- the data breach that exposed information involving 110 million Target customers.
About 40 million Target credit and debit card accounts were breached -- compromising customers' credit and debit card numbers, expiration dates, PIN numbers and codes on the cards' magnetic strips. In addition, about 70 million Target customers had their names, phone numbers, e-mail addresses and mailing addresses compromised.
Mulligan said Target plans to replace its current magnetic strip cards with ones that have embedded data chips by the first quarter of 2015.
Neiman Marcus Senior Vice President Michael Kingston told the committee that more than 1 million customer accounts were hacked in December.
Consumer Union, the policy and action division of Consumer Reports, said it was concerned about vulnerabilities in debit cards, which have fewer legal protections than credit cards, said Delara Derakhshani, Consumer Unionsâ€™ policy counsel.
"While consumers might not ultimately be held responsible if someone steals their debit card and PIN number, data thieves can still empty out consumers' bank accounts and set off a cascade of bounced checks and late fees, which victims will have to settle down the road," Derakhshani said. "The burden is being put on consumers to be vigilant to prevent future fraudulent use of their information."
Federal Trade Commissioner Edith Ramirez said the FTC wants a strong federal data security and breach notification law.
Although most states have laws covering the above issues, Ramirez told the committee that a strong and consistent national requirement would simplify compliance by businesses while ensuring that all consumers are protected.
In addition to requiring retailers and other corporations to comply with a federal data security law, the law should enable the FTC to bring cases and make data security rules for non-profit groups, she said.
Target, Neiman Marcus and other retailers have offered a year of free credit monitoring for customers whose accounts were breached.
However, such services have drawbacks, said Derakhshani, noting that many of the contracts with the credit monitoring services require consumers to agree to mandatory arbitration, giving up their right to go to court if disputes arise.
Itâ€™s Tax Season...
So, Itâ€™s Also Tax Scam Season!
Itâ€™s here, the most dreaded season of all, tax season, which also means itâ€™s high season for tax scammers.
While scams come in various shapes and sizes, ranging from identify theft to return preparer fraud, there are 12 (the Dirty Dozen) scams the IRS wants us all to know about as they tend to peak during the tax filing months.
The following are the IRSâ€™ Dirty Dozen tax scams for 2013: Identity Theft
Tax fraud by identity theft topped the 2013 list. Identity theft occurs when someone uses your personal information such as your name, Social Security Number (SSN) or other identifying information, without your permission, to commit fraud or other crimes.
Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information.
Return Preparer Fraud
About 60 percent of taxpayers will use tax professionals this year to prepare their tax returns. Some unscrupulous preparers prey on unsuspecting taxpayers, and the result can be refund fraud or identity theft.
Hiding Income Offshore
A number of individuals try to evade U.S. taxes by hiding income in offshore banks, brokerage accounts, foreign trusts, employee-leasing schemes, private annuities or insurance plans.
â€œFree Moneyâ€ from the IRS & Tax Scams Involving Social Security
Flyers and advertisements for free money from the IRS, suggesting that the taxpayer can file a tax return with little or no documentation, have been appearing in community churches around the country.
Impersonation of Charitable Organizations
These scams typically occur in the wake of significant natural disasters. Scammers impersonate charities to get money or private information from well-intentioned taxpayers.
False/Inflated Income and Expenses
Including income that was never earned, either as wages or as self-employment income in order to maximize refundable credits, is another popular scam.
False Form 1099 Refund Claims
Some individuals make refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.
Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims to avoid paying the taxes they owe. The IRS has a list of frivolous tax arguments that taxpayers should avoid.
Falsely Claiming Zero Wages
Filing a phony information return is an illegal way to lower the amount of taxes an individual owes. Typically, a Form 4852 (Substitute Form W-2) or a â€œcorrectedâ€ Form 1099 is used as a way to improperly reduce taxable income to zero.
Disguised Corporate Ownership
Third parties are improperly used to request employer identification numbers and form corporations that obscure the true ownership of the business.
These entities can be used to underreport income, claim fictitious deductions, avoid filing tax returns, participate in listed transactions and facilitate money laundering and financial crimes.
Misuse of Trusts
For years, unscrupulous promoters have urged taxpayers to transfer assets into trusts. While there are legitimate uses of trusts in tax and estate planning, some highly questionable transactions promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes.
3 Immediate Steps to Take When Someone Steals Your Identify
Identity theft happens when someone steals your personal information and uses it without your permission. Such theft can wreak havoc with your finances, credit history, and reputation â€” and can take time, money, and patience to resolve.
If you become a victim of such theft, the FTC (http://www.consumer.ftc.gov/features/feature-0014-identity-theft) recommends you take the following 3 steps immediately:
Place a Fraud Alert on Your Credit Report
Ask one of the three credit reporting companies to put a fraud alert on your credit report. They must tell the other two companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.
Order Your Credit Reports
After youâ€™ve placed a fraud alert, youâ€™re entitled to a free credit report from each of the three credit reporting companies.The credit reporting company that you call will explain your rights and how you can get a free copy of your credit report. Order the report and ask the company to show only the last four digits of your Social Security number on your report.
If you know which of your accounts have been tampered with, contact the related businesses. Talk to someone in the fraud department, and follow up in writing. Send your letters by certified mail; ask for a return receipt. That creates a record of your communications.
- Create An Identify Theft Report
An Identity Theft Report gives you some important rights that can help you recover from the theft. To create one, file a complaint with the FTC and print your Identity Theft Affidavit. Use that to file a police report and create your Identity Theft Report.
Finally, the FTC recommends you monitor your progress towards resolving your problem. Be prepared to organize your papers, log phone calls, and track deadlines.