Tax Time Scams and How To Avoid Them

As we head into tax season, we’ll see an influx of tax-related scams. Here is some information on what to keep an eye out for as well as some resources from the IRS regarding tax-related scams.

Phishing email is still the biggest attack avenue, as it is cheap and easy. Use the SLAM (Sender, Links, Attachments, Message) method to assess any suspicious emails:

  1. Check the Sender address
  2. Hover over any Links to see if they match the text
  3. Be wary of Attachments
  4. Check the Message. Red flags are a sense of urgency, consequences if something isn’t immediately done, or requests for payment in odd forms
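A first pass of the four SLAM checks can be automated for mail triage. The Python below is an added example, not part of the original article; the keyword and extension lists, the `slam` function and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RED_FLAGS = ("urgent", "immediately", "gift card", "wire transfer", "arrest")  # assumed list
RISKY_EXT = (".exe", ".scr", ".js", ".htm", ".html", ".iso", ".docm")  # assumed list

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data.strip()

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def slam(msg):
    """Return the SLAM checks (sender, links, attachments, message) that fire."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = Links()
    parser.feed(text)
    frm, reply = (parseaddr(str(msg[h] or ""))[1].rpartition("@")[2].lower()
                  for h in ("From", "Reply-To"))
    checks = {
        # S: replies routed to a different domain than the visible sender
        "sender": bool(reply) and reply != frm,
        # L: visible text looks like a URL but the href points at another host
        "links": any(t.lower().startswith(("http://", "https://", "www."))
                     and host(t) != host(h) for h, t in parser.found),
        # A: attachment types that can run code or render a fake login page
        "attachments": any((p.get_filename() or "").lower().endswith(RISKY_EXT)
                           for p in msg.iter_attachments()),
        # M: urgency, threats or odd payment methods in the subject or body
        "message": any(w in f"{msg['Subject']} {text}".lower() for w in RED_FLAGS),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed message; every address and domain below is a placeholder.
SAMPLE = EmailMessage()
SAMPLE["From"], SAMPLE["Reply-To"] = "refunds@irs-gov.example", "claims@mailbox.example"
SAMPLE["Subject"] = "Final notice: respond immediately"
SAMPLE.set_content('<p>Pay the fee with a gift card.</p><a href="http://tax-help.example/verify">'
                   'https://www.irs.gov/refunds</a>', subtype="html")
SAMPLE.add_attachment("<html></html>", subtype="html", filename="Refund_Form.html")
```

Calling `slam(SAMPLE)` reports all four categories; a message that fires none of them is not proven safe, only not flagged by these heuristics.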

The IRS compiles a list of its “Dirty Dozen” scams each year. It can be accessed here: https://www.irs.gov/newsroom/dirty-dozen. They also have a webpage dedicated to specific tax scams and consumer alerts: https://www.irs.gov/newsroom/tax-scams-consumer-alerts. It is a good place to learn about common scams and how to identify them. And for the low-tech scams, here is a page dedicated to helping you determine if the IRS is really on the phone or knocking at your door: https://www.irs.gov/newsroom/how-to-know-its-really-the-irs-calling-or-knocking-on-your-door.

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.
  • Call you about an unexpected refund.

(taken from their website: http://bit.ly/2AQf8cF)

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

You Should Implement Security Awareness Training Now

Security awareness training, when provided on a weekly or monthly recurring basis, helps users understand different threats they might be exposed to during their personal and work lives. The training typically focuses on the digital realm, though it might include scams that operate via face-to-face or postal service methods. The goal of the training is to elevate users’ awareness of these threats so they can recognize them before falling victim to them, or at least help them mitigate any damage if they do fall victim.

So why should your company implement this training, and why more often than just once a year or quarter? In short, human nature. Without delving into the psychology, here are a few key points:

  • humans are creatures of habit
  • we all have a natural tendency to want to help
  • as humans we have a natural fear of the unknown or unexpected
  • we all have short memories and shorter attention spans

A great example of why regular training is necessary: a user was selling something on Facebook Marketplace and started a texting conversation with a potential buyer. The potential buyer asked the user to provide a Google authentication code to verify the user was a “trusted account”. The user received a text message from Google with a 6-digit code and provided this code to the potential buyer. The buyer came back and said the code didn’t work and asked the user to provide the code again. At that point the user became suspicious and ended the conversation. Unfortunately, the user had unknowingly bypassed the multi-factor authentication on their Google account by providing that code to the potential buyer.

Implementing a training program that regularly educates users about threats, tests their knowledge, offers additional training when necessary, and is engaging will help your company avoid many common threats that technology alone cannot mitigate, without impacting users’ productivity. This article points out why security awareness training is more important than ever, as phishing attacks are the top avenue for ransomware delivery: http://bit.ly/3IUAdWX.

If you have questions about implementing security awareness training in your company, contact us here: https://bit.ly/CBTech-contact

End of Year Planning: Are You Ready for 2023?

Can you believe we’re already near the end of 2022?!?! In between scrambling to get ready for Thanksgiving and thinking about all the Black Friday deals you need to get, have you thought about planning out the next year for your business? Now is a good time to start the planning process, even if it’s just jotting down some goals and targets for next year.

Now you might ask “why is a technology company writing about business planning?”. Great question. Business planning is an important part of the CBTech Support process. CBTech Support evaluates its clients’ environments on a regular basis and uses that information to help inform the business planning process. As part of the planning process, you’re looking at what you want to accomplish in your business next year, and technology will play a part in that. It’s important to know what areas of technology will have the biggest impact on your business, such as where there is a large security gap or a disconnect in your workflow, or even something as simple as when you want to replace some old computers. It’s also important to know what you want to achieve so that you can make sure your current technology can help you get there; and if not, what might be needed to make it happen. The good news is you can start with small steps just to get the ball rolling. Feel free to reach out to us with any questions or if you would like an introduction to someone who can help with the business planning.

National Cybersecurity Awareness Month 2022

October is National Cybersecurity Awareness Month. In keeping with this theme, let’s talk about the upcoming holidays and some common scams to keep an eye out for.

One of the more popular scams during the holidays is to play on the search for the year’s “hottest” toy. Every year there is at least one toy that seems to go “viral” and become the must-have for every child. It then becomes nearly impossible to find at all the mainstream retailers, so you start searching online to try to find it. This is what the scammers count on, as it’s easy for them to place ads advertising too-good-to-be-true deals that lead to phishing or other malicious sites. If it seems too good to be true, it probably is.

During the holidays we all get requests from charities to donate while we’re feeling the holiday spirit. This is another place where scammers can take advantage of our human nature. If you receive unsolicited phone calls requesting donations that turn into high pressure pitches, just hang up. If you’re donating online, make sure to research the charity you’re thinking of giving to in order to make sure it’s reputable. The IRS has a database of charitable organizations that is a good starting point: https://www.irs.gov/charities-non-profits/search-for-tax-exempt-organizations.

National Cybersecurity Awareness Month is all about raising awareness, and education is key. You can also take advantage of a wealth of information available online such as:

Uber was hacked again; why does it matter to me?

On Thursday, September 15, Uber announced that they had been the victim of a hacker. Details are still unfolding, but initial reports suggest the hacker had complete access to almost all of Uber’s internal systems (https://www.wired.com/story/uber-hack-mfa-phishing/). This kind of announcement has, unfortunately, become quite common. Let’s look at how this happened (with what we know so far), some possible preventative measures, and why all this matters to you as a business owner or computer user.

The hack started with stolen credentials. The presumption is that the hacker purchased them on the dark web, but how did they wind up there? In most cases they are captured when a user falls for a phishing email, but they can also be guessed if you’re not using a strong, complex password. They could also have been compromised in another breach where the user had the same password across different accounts. Possible preventative measures here would include security training for end users to avoid falling for phishing emails, monitoring the dark web for credentials associated with your accounts, using strong and complex passwords, using a password manager to have unique passwords across all accounts, and having breach alerts to let you know when a service is compromised so you can change those credentials.

After the hacker gained the user’s credentials he attempted to log in to Uber’s systems. Uber has multi-factor authentication (MFA) in place, which typically prevents an unauthorized login attempt like this from succeeding. Unfortunately, in this case, the user fell victim to what is called “MFA fatigue”: the attacker repeatedly sent MFA requests to the user for almost an hour, then contacted the user claiming to be an Uber IT technician and told the user the prompts would stop if the user allowed the login attempt. Possible preventative measures at this point would be educating users on MFA and abnormal behavior like repeated prompts over the course of an hour, as well as the proper communication channels between themselves and IT/technology support personnel.
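Monitoring can back up the user education described above. The Python below is an added example, not from the original article or from Uber: it flags a run of rejected or ignored MFA prompts and any approval that follows one. The log format, the 60-minute window and the threshold of five prompts are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)   # assumed look-back, in line with "almost an hour"
THRESHOLD = 5                    # assumed count of rejected or ignored prompts

# Constructed log lines in a made-up "time user result" format (not a vendor schema).
LOG = """\
2024-01-10T18:00:00 jdoe denied
2024-01-10T18:05:00 asmith denied
2024-01-10T18:06:00 asmith approved
2024-01-10T18:10:00 jdoe timeout
2024-01-10T18:20:00 jdoe denied
2024-01-10T18:30:00 jdoe timeout
2024-01-10T18:40:00 jdoe denied
2024-01-10T18:50:00 jdoe denied
2024-01-10T18:55:00 jdoe approved
"""


def parse(log):
    """Yield (timestamp, user, result) for each non-empty log line."""
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result


def detect_mfa_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, kind) alerts: 'burst' when rejected or ignored prompts
    pile up inside the window, 'approved_after_burst' when an approval follows."""
    recent = defaultdict(deque)          # user -> times of denied/timed-out prompts
    alerts = []
    for ts, user, result in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # forget prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert once, when the burst crosses the threshold
                alerts.append((user, ts, "burst"))
        elif result == "approved":
            if len(q) >= threshold:      # the approval the attacker was waiting for
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts


if __name__ == "__main__":
    for user, ts, kind in detect_mfa_fatigue(LOG):
        print(ts.isoformat(), user, kind)
```

A `burst` alert is the moment to contact the user through a known-good channel and reset the password; `approved_after_burst` should be handled as a likely account takeover.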

Once the attacker gained access to Uber’s systems by getting credentials and tricking the user into allowing the attacker’s login attempt, there were several other factors that allowed the attacker to almost compromise Uber’s internal systems completely. Administrative credentials stored in file shares or coded into scripts, and the compromise of management systems that had access to multiple other internal systems and databases, all played a role.

What does all that mean for you as a business owner or a computer user? It means that something as simple as stolen credentials and a text message can lead to your business being hacked. There are steps you can take to mitigate the risk of that happening, as mentioned above. It can all seem overwhelming, but the key is to start with small steps and to keep going. It’s an ongoing, ever-evolving process, but having a good technology partner can make it smoother.

Do you want to have a deeper discussion about this? You can contact us here: https://bit.ly/CBTech-contact.

Were You Able to Unplug This Summer?

As summer winds down, let’s take some time to assess the screen time habits that we’ve had for the past 8 months. If you’re anything like us, you’ve been glued to your devices, keeping up with news, streaming TV and movies, watching sports, working, working, working… We thought it would be a good time for some tips on how to unplug, whether you’re taking a trip or just want a day away from technology.

Tip 1: Come up with a plan. For example, decide to limit screen time to 10 minutes in the morning to catch up on email. Check out this New York Times article for more: https://www.nytimes.com/2020/11/25/technology/personaltech/digital-detox.html

Tip 2: Leave your devices at home. If you’re going outside, leave the device inside. If you’re taking a trip to the beach, leave them in the car. There are some more good examples in this Wall Street Journal article: https://www.wsj.com/articles/how-to-wean-your-kidsand-yourselfoff-screens-11621080000

Tip 3: Create device-free zones. Set up areas of your house, times of day, or spaces while on vacation that you will not bring a device. This can help reduce the urge to check the device for notifications. Check out this Google article for more: https://wellbeing.google/get-started/unplug-more-often/#top

There is a plethora of articles on unplugging, so definitely take the time to search around if you want more ideas. And enjoy the last remnants of summer!

How to buy a computer for school

Can you believe we have to start thinking about school again?!?! Didn’t the year just end? Normally, schools require computers to complete classwork, homework, and research. A decent computer is necessary to attend to all that plus the possibility of needing to attend online classes.

The question you should ask when deciding to buy a new computer for school, or for any purpose really, is “what am I going to use it for?”. Some common answers are:

  1. browsing the internet
  2. email
  3. specific applications
  4. attending class remotely
  5. video conferencing

For 1 and 2, the specifications are not demanding. You can get by with a basic computer from almost any store. However, we would still recommend that the processor be an Intel Core i5 or i7. The RAM (or memory) used for browsing the internet will depend on how many browser tabs or windows you have open at one time. The more tabs or windows you anticipate opening the more RAM you should have in your computer. We would recommend at least 8GB.

A computer used for specific applications will need to meet the requirements of the vendor who made the application. All vendors will list minimum and recommended system requirements. You should review those requirements for each application you plan on using before buying the new computer. Just as with browser tabs and windows, the more applications you run at one time the more RAM you should have in the computer. Additionally, most schools will have recommended specifications for buying a computer to use at the school.

The last component that should be considered when buying a new computer is the hard drive type and size. You still have two choices for type: traditional spinning drives (often referred to as SATA) or Solid State Drives (often referred to as SSD). We almost always recommend SSD drives because the performance is much better versus traditional spinning drives, and they are usually the norm these days. The size of the hard drive all depends on how much data you plan to save on your computer. If you are using the computer to browse the internet and/or use email, then the size of your hard drive does not need to be large. However, if you are saving images or video (which are the largest file size types) then you should get a larger hard drive.

Happy shopping!

Work from the beach (but really, don’t!)

It’s summer. You’re at the beach. You need to finish up some details to close a last-minute deal. You need to access that critical file because you’re the only one that can handle it. You’re out of luck, right? Not so fast! There are many ways to remotely, and securely, access business resources outside the office.

The first rule of thumb is to ask your technology services provider what methods are available to you. They should be able to help you implement something that fits your needs, budget, and security concerns, if they haven’t already. And security is a big concern these days.

The next rule of thumb is that the ways to get to what you need are as varied as the types of resources you want to get to. It all depends on what you need to get to: files like documents or spreadsheets, or applications like QuickBooks. And each business is going to have different requirements, regulations, budgets, et cetera, that will determine what method or methods can be used. This brings the first rule of thumb back into play: your technology services provider will know what methods fit your situation best.

Enjoy your summer!

Why CISA’s Threat Advisory to MSPs Matters to You

The Cybersecurity & Infrastructure Security Agency (CISA) released an alert last week, May 11, advising MSPs “of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and [we] expect this trend to continue.” They also released guidance for MSPs and their customers to reduce the risk of falling victim to a cyber intrusion.

So what does all that mean for you? It simply means that the IT company you pay to manage your technology (like CBTech) is a target, and by extension so are you. Why? If the IT company is compromised, the attackers will most likely have full access to all the clients; that’s a lot easier than trying to infiltrate each client individually and is potentially a much bigger payoff (after all, money is usually the end goal).

What can/should you do? The best place to start is to have a conversation with your IT company. Understanding how your business operates can help the IT company recommend the right security measures. You also want to make sure the IT company has measures in place to protect themselves. Here are a few of the recommendations from CISA:

  • Prevent initial compromise
  • Enable/improve monitoring and logging processes
  • Enforce multifactor authentication (MFA)
  • Apply the principle of least privilege
  • Deprecate obsolete accounts and infrastructure
  • Apply updates
  • Develop and exercise incident response and recovery plans

For the complete list, along with explanations, you can read the CISA notice here: https://bit.ly/3yFSXV2.

Do you want to have a deeper discussion about this? You can contact us here: https://bit.ly/CBTech-contact.
