
Beware: “Largest Ever” Phone Fraud Scam Targeting Taxpayers

Posted by Stephen C. Studley CFU CVA CLU CFP CPA

Mar 25, 2014 10:23:21 AM

If you somehow missed it on the news, radio, web, or blogs, you should know that the Treasury Inspector General for Taxpayer Administration (TIGTA) issued a warning to taxpayers to beware of phone calls from individuals who claim to represent the Internal Revenue Service (IRS) in an effort to defraud them.


Topics: Information Security, phishing, irs announcements



Seeing Both Sides of the Cloud

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Feb 5, 2014 1:47:18 PM

 

"I've looked at clouds from both sides now
From up and down, and still somehow
It's cloud illusions I recall
I really don't know clouds at all"
 – Judy Collins, “Both Sides Now”

 

As Judy Collins famously noted, there are two sides to cloud computing and it's important that you consider both of them. While it is easy to identify the benefits of outsourcing your IT needs, the risks associated with cloud computing may be more difficult to see. It’s important to ask the right questions before diluting your control over your data.


Topics: Information Security



Identity Thief - Straight from the Headlines

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Jan 15, 2014 12:47:00 PM

 

IRS Warns of Phone Scam

The IRS is warning the public about a phone scam that targets people across the nation, including recent immigrants. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver’s license.

The callers who commit this fraud often:

  • Use common names and fake IRS badge numbers.
  • Know the last four digits of the victim’s Social Security number.
  • Make caller ID appear as if the IRS is calling.
  • Send bogus IRS emails to support their scam.
  • Call a second time claiming to be the police or DMV, and caller ID again supports their claim.


Topics: Information Security, phishing, identity theft



Phishing 301: Targeted Phishing Attacks

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Jan 13, 2014 3:21:00 PM

One step ahead.

It seems that criminals and online attackers are constantly finding new and ever more clever methods for stealing information, always staying one step ahead of the law. What can you do to protect yourself in this war against cybercrime? To start, you must increase your awareness of the threats that face you on a daily basis.


Topics: Information Security



Keeping Track of Passwords: Why use a password manager

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Jan 10, 2014 4:41:14 PM

Until the issues surrounding biometric recognition are fully remedied, passwords will remain the preeminent access control measure. That said, the process of creating and storing strong passwords does not need to be laborious. The evolution of password managers has made it possible for individuals to manage an abundance of passwords effectively while only having to remember a single, strong password. Now, you may ask yourself: what exactly is a password manager? Simply put, think of a password manager as a state-of-the-art vault, and within that vault, you store all of your passwords.

The greatest benefit of utilizing such an approach is that you can use the password management system to create extremely strong passwords for all of your accounts. For example, as you can see in the screenshot, most password managers provide users with a random password generator. Using the random password generator, users can then create a unique, nearly uncrackable password for each of their respective password-protected accounts. Furthermore, most password generators are customizable, thereby ensuring that your new password complies with oft-varying password requirements. As such, if you need a password that is 15 characters in length and includes 2 digits and a special character, the random generator can accommodate such a request.


Topics: Information Security, strong password, e-mail security, password strength, password management, password management programs, strong passwords, secure passwords



Phishing 201: Advanced Phishing Threats

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Jan 8, 2014 11:39:00 AM

One step ahead.

It seems that criminals and online attackers are constantly finding new and ever more clever methods for stealing information, always staying one step ahead of the law. What can you do to protect yourself in this war against cybercrime? To start, you must increase your awareness of the threats that face you on a daily basis.

Phishing 101: What's a 'Phish' Anyway? introduced you to email threats such as the "Nigerian Letter Scam." In our second phishing post, we're going to cover scams that are considerably more complex than the classic Nigerian scam. As computer users have become more aware, and security technology more advanced, cyber criminals have been forced to try to imitate trusted companies in order to lure in their victims. Below, you will find a few examples of these scams so that you can be better armed the next time an attacker strikes.

Advanced Schemes:

Cyber-attacks typically fall into one of two categories: opportunistic or targeted. Opportunistic attacks rely on the probability that at least one user (out of potentially thousands) will fall victim to the attack, with no regard for the identity of that individual. Targeted attacks, which will be covered in Part 3 of this blog, seek out specific users who have been selected in advance for possessing some value to the attacker.

With advanced phishing schemes, impersonation is the name of the game. Attackers have been crafting incredibly accurate emails that appear to be coming from legitimate businesses, sometimes even mimicking an individual's employer. 


Topics: Information Security



Phishing 101: What's a 'Phish' Anyway?

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Jan 6, 2014 3:14:00 PM

One step ahead.

It seems that criminals and online attackers are constantly finding new and ever more clever methods for stealing information, always staying one step ahead of the law. What can you do to protect yourself in this war against cybercrime? To start, you must increase your awareness of the threats that face you on a daily basis.

So What is a Phishing Email, Anyway?

A simple definition of phishing is: the use of fraudulent emails to gain access to personal or financial data, as well as to obtain log-in credentials. In the earlier days of email, you may remember receiving pleading messages claiming to be from a desperate Nigerian prince, usually requesting that you become involved in the transfer of millions of dollars (they were so common that this type of scam has been unofficially labeled the "Nigerian Letter Scam"). Most email users identified these scams and avoided them, so you may be wondering: "Why is spam still so prevalent?" The answer may surprise you.

Why Do We Still Have Spam?

During the late '90s and early '00s, computer security was just starting to become a standard practice for many PC users. Anti-virus software was not the standard it is today, and most computers had gaping vulnerabilities in their systems. This presented hackers with a number of methods for attack, such as viruses, trojans and worms. Steadily, computer security technology (and adoption) adapted to these attack vectors and decreased the number of opportunities for cyber criminals to gain access. 


Topics: Information Security



Passwords: Remembering What They Are and Where You Store Them

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Oct 18, 2013 10:41:00 AM

Introduction


Topics: Information Security, strong password, password strength



Who Else is Reading Your E-mail?

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Sep 27, 2013 5:09:00 PM

Background


Topics: Information Security, e-mail security, e-mail encryption, data in transit, e-mail breach



Portable Devices: Friend or Foe?

Posted by William Prohn, CISSP, CISA, CGEIT, CRISC

Sep 27, 2013 3:39:00 PM

Background


Topics: Information Security, cyber attack, cyberattack, portable devices, portable device encryption




