Showing posts with label cyber security. Show all posts

Tuesday, June 8, 2021

News of Interest: Amazon implementation raises security issues

"There’s an eyebrow-raising technology buried inside millions of Amazon Echo smart speakers and Ring security cameras. They have the ability to make a new kind of wireless network called Sidewalk that shares a slice of your home Internet connection with your neighbors’ devices.

And on Tuesday, Amazon is switching Sidewalk on — for everyone.

I’m digging into my settings to turn it off. Sidewalk raises more red flags than a marching band parade: Is it secure enough to be activated in so many homes? Are we helping Amazon build a vast network that can be used for more surveillance? And why didn’t Amazon ask us to opt-in before activating a capability lying dormant in our devices?

I recommend you opt out of Sidewalk, too, until we get much better answers to these questions."
Continue reading the article online (subscription may be required)

Monday, March 29, 2021

Vaccine 'passports' (really 'certificates') will be difficult but are in development

"The Biden administration and private companies are working to develop a standard way of handling credentials - often referred to as “vaccine passports” - that would allow Americans to prove they have been vaccinated against the novel coronavirus as businesses try to reopen.

The effort has gained momentum amid President Joe Biden's pledge that the nation will start to regain normalcy this summer and with a growing number of companies - from cruise lines to sports teams - saying they will require proof of vaccination before opening their doors again.

The administration's initiative has been driven largely by arms of the Department of Health and Human Services, including an office devoted to health information technology, said five officials who spoke on the condition of anonymity to discuss the effort. The White House this month took on a bigger role coordinating government agencies involved in the work, led by coronavirus coordinator Jeff Zients, with a goal of announcing updates in coming days, said one official.

.... 

U.S. officials say they are grappling with an array of challenges, including data privacy and health-care equity. They want to make sure all Americans will be able to get credentials that prove they have been vaccinated, but also want to set up systems that are not easily hacked or passports that cannot be counterfeited, given that forgeries are already starting to appear."


Continue reading the article online at the Boston Globe (subscription may be required) 
https://www.bostonglobe.com/2021/03/28/nation/vaccine-passports-are-way-developing-them-wont-be-easy/

Or where it originated with the Washington Post (subscription may be required):  



Thursday, March 11, 2021

Tri-County Regional Vocational Technical High School Participates in CyberPatriot Competition

CyberPatriot is the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation's future. At the core of the program is the National Youth Cyber Defense Competition, the nation's largest cyber defense competition, that puts high school and middle school students in charge of securing virtual networks.
 
A total of 4,081 teams registered for this year's competition. Teams from the United States, Canada, and the Department of Defense Dependents schools abroad are eligible to participate in CyberPatriot's core program, the National Youth Cyber Defense Competition. The National Youth Cyber Education Program challenges teams of high school and middle school students to find and fix cybersecurity vulnerabilities in virtual operating systems. Using a proprietary competition system, teams are scored on how secure they make the system.

Four teams of six students represented Tri-County in this year's competition. Aiden Mai of Franklin, Kenjiro Mai of Franklin, Alex Comeau of Plainville, Callaghan Killian of North Attleboro, Zachary Belvin of North Attleboro, and Tyler Morrison of Franklin placed first in the Gold Division for Massachusetts.

The second team of Ryan Leber of North Attleboro, Jason Conti of Walpole, Christopher Zajac of Franklin, Christopher Virkaitis of North Attleboro, Gabriel Corey of Franklin, and Joshua Bellunduno of Franklin placed third in Massachusetts for the Platinum Division.

All teams worked hard; there were three rounds of competition, with the State round (the one we participated in) held in January. Virtual National Finals will be held March 19-21, 2021.

Congrats to all. 

 

Four teams of six students represented Tri-County


Tuesday, February 23, 2021

New York Times: "Why Was SolarWinds So Vulnerable to a Hack?"

Security expert Bruce Schneier writes about the SolarWinds hack in the New York Times:

"There are two problems to solve. The first is information asymmetry: Buyers can’t adequately judge the security of software products or company practices. The second is a perverse incentive structure: The market encourages companies to make decisions in their private interest, even if that imperils the broader interests of society. Together these two problems result in companies that save money by taking on greater risk and then pass off that risk to the rest of us, as individuals and as a nation.

The only way to force companies to provide safety and security features for customers and users is with government intervention. Companies need to pay the true costs of their insecurities, through a combination of laws, regulations and legal liability. Governments routinely legislate safety — pollution standards, automobile seatbelts, lead-free gasoline, food service regulations. We need to do the same with cybersecurity: The federal government should set minimum security standards for software and software development."

Continue reading the article online (subscription may be required) 
 
Previous articles on the SolarWinds hack 



Saturday, January 16, 2021

Spear Phishing makes the news (again)

 
"A prominent TV news anchor in India, Nidhi Razdan was looking forward to starting her new job as an associate professor of journalism at Harvard University in September.

Just one setback. Harvard doesn’t have a journalism program.

After months of delays that she attributed to the pandemic, Razdan had a jarring realization: the faculty position, it turns out, doesn’t exist. The offer she thought she had accepted was nothing more than an elaborate ploy to access her personal information, she said."
Continue reading the article online (subscription may be required)
 

Sunday, January 3, 2021

Great summary of the SolarWinds attack, not just on the US

Noted security expert Bruce Schneier writes: 

"Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous. 
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack. 
Here’s what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” — something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks. 
This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself — and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone."

Continue reading the article online

screengrab of https://www.schneier.com/
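The backdoored Orion update Schneier describes was shipped by the vendor itself, so any check that relies only on what the vendor publishes (a signature, a digest on the download page) would have passed it. The check below, an added example that is not code from the page, from Schneier or from SolarWinds, treats two sources as required: the digest the vendor publishes with a release, and a hypothetical "pin list" of digests the operator recorded after vetting a copy of the release somewhere the vendor's update server does not control. The file contents, manifest entries and release names are constructed for illustration.

```python
"""Two-source check of a software update before it is installed.

Added example, not code from the page, from Schneier or from SolarWinds.
Assumes an operator keeps a pin list of release digests recorded out of
band (a hypothetical practice) next to the digest the vendor publishes.
All file contents, manifests and release names below are constructed.
"""
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    OK = "install"
    NOT_PINNED = "hold: release never vetted out of band"
    PIN_MISMATCH = "hold: vendor manifest matches, out-of-band pin does not"
    VENDOR_MISMATCH = "hold: out-of-band pin matches, vendor manifest does not"
    CORRUPT = "reject: matches neither source"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin_release(pins: dict, name: str, vetted_copy: bytes) -> str:
    """Record the digest of a copy the operator vetted (e.g. in a lab) so a
    later download of the same release can be compared against it."""
    digest = sha256_hex(vetted_copy)
    pins[name] = digest
    return digest


def verify_update(name: str, data: bytes, vendor_manifest: dict, pins: dict) -> Verdict:
    """Compare the downloaded bytes with both sources and say which one failed.
    compare_digest keeps the comparison constant-time; habit more than need here."""
    actual = sha256_hex(data)
    vendor = vendor_manifest.get(name)
    pin = pins.get(name)
    vendor_ok = vendor is not None and hmac.compare_digest(vendor, actual)
    pin_ok = pin is not None and hmac.compare_digest(pin, actual)
    if vendor_ok and pin_ok:
        return Verdict.OK
    if pin is None:
        return Verdict.NOT_PINNED
    if vendor_ok:
        # The SolarWinds shape: the vendor vouches for bytes the operator never vetted.
        return Verdict.PIN_MISMATCH
    if pin_ok:
        return Verdict.VENDOR_MISMATCH
    return Verdict.CORRUPT


# Constructed update contents. The "backdoored" build is what a compromised
# build pipeline ships, with a perfectly valid vendor manifest entry.
GOOD_UPDATE = b"Orion-style hotfix 2020.2 (constructed bytes)"
BACKDOORED_UPDATE = GOOD_UPDATE + b"\n; constructed backdoor stub"


def run_scenarios() -> dict:
    """Run the five outcomes the verifier can reach and return them by name."""
    pins = {}
    pin_release(pins, "hotfix-2020.2.bin", GOOD_UPDATE)  # vetted copy, pinned
    honest_manifest = {"hotfix-2020.2.bin": sha256_hex(GOOD_UPDATE)}
    poisoned_manifest = {
        "hotfix-2020.2.bin": sha256_hex(BACKDOORED_UPDATE),  # vendor signs off on the backdoor
        "hotfix-2020.3.bin": sha256_hex(GOOD_UPDATE),        # a release nobody has vetted yet
    }
    return {
        "clean": verify_update("hotfix-2020.2.bin", GOOD_UPDATE, honest_manifest, pins),
        "vendor_vouches_for_backdoor": verify_update("hotfix-2020.2.bin", BACKDOORED_UPDATE, poisoned_manifest, pins),
        "unvetted_release": verify_update("hotfix-2020.3.bin", GOOD_UPDATE, poisoned_manifest, pins),
        "bad_manifest": verify_update("hotfix-2020.2.bin", GOOD_UPDATE, {"hotfix-2020.2.bin": "0" * 64}, pins),
        "corrupt_download": verify_update("hotfix-2020.2.bin", b"truncated", honest_manifest, pins),
    }


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(f"{scenario:30s} {verdict.value}")
```

The "unvetted release" hold is where staging and testing belong before a digest is pinned; it is deliberately the default outcome for anything new. None of this helps if the pin list itself is fed from the vendor's download page, because a backdoor inserted before the vendor signs its build passes every vendor-controlled check.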


Thursday, December 24, 2020

Naked Security Live: "Watch out for Messenger scams!"

"IM and social media accounts feel less open to spammers and scammers than email - until a crook gets into a friend's account and sends from there..."
Direct video link = https://youtu.be/IzUZ6rBpOso

 

Wednesday, December 23, 2020

Cyber security: inside the hack of a journalist; extent of US Government penetration not known

From The Guardian: inside the hack of a journalist
"A series of abusive text messages sent to an Al Jazeera investigative programme were the first crumbs that eventually led to the discovery of an unprecedented hacking operation against dozens of staff from the Qatar-based media network, according to one of the journalists who was targeted.

Researchers at Citizen Lab at the University of Toronto claimed on Sunday that the UAE and Saudi Arabia used spyware sold by an Israeli private intelligence company to access the phones of at least 36 journalists, producers and executives from Al Jazeera, as well as that of a London-based reporter with the Al Araby network.

Traces of the cyber-attack were unearthed in July when a phone used by an Al Jazeera programme, The Tip of the Iceberg, exhibited suspicious network activity that was undetectable to its users."
Continue reading the article online
https://www.theguardian.com/media/2020/dec/22/revealed-how-abusive-texts-led-to-discovery-of-hacking-of-al-jazeera

From the New York Times: extent of US Government penetration not known
"The Russian hackers who penetrated United States government agencies broke into the email system used by the Treasury Department’s most senior leadership, a Democratic member of the Senate Finance Committee said on Monday, the first detail of how deeply Moscow burrowed into the Trump administration’s networks.

In a statement after a briefing for committee staff members, Senator Ron Wyden of Oregon, who has often been among the sharpest critics of the National Security Agency and other intelligence agencies, said that the Treasury Department had acknowledged that “the agency suffered a serious breach, beginning in July, the full depth of which isn’t known.”
Continue reading the article online (subscription may be required)
 
From the New York Times:
"President-elect Joseph R. Biden Jr. accused President Trump on Tuesday of “irrational downplaying” of the widespread hack of the federal government and American industries, saying that the current administration was denying him intelligence and warning Russia that he would not allow the intrusion to “go unanswered” after he takes office.

“This assault happened on Donald Trump’s watch when he wasn’t watching,” Mr. Biden said at a news conference in Delaware. “It is still his responsibility as president to defend American interests for the next four weeks, but rest assured that even if he does not take it seriously, I will.”

The direct critique was a remarkable departure from tradition, in which incoming presidents are careful about not second-guessing the actions of the incumbent. But Mr. Trump’s refusal to recognize Mr. Biden’s election victory, and his effort to subvert the results, has clearly poisoned elements of the transition process."
 Continue reading the article online (subscription may be required)
 
These articles add to the listing of "what we know and don't know" about the cyber attack
 

Saturday, December 19, 2020

"What we know – and still don’t – about the worst-ever US government cyber attack"

The Boston Globe has the following:

It’s going to take months to kick elite hackers widely believed to be Russian out of the US government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.

Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into US agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.

“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.

Continue reading the article online (subscription may be required)
 
While Franklin suffered from a spear phishing attack that resulted in a diverted payment, the attacker did not access the Franklin network; they used the person inside to do their work. The Russian hack into the major systems of some companies and several government agencies was sophisticated in planning: they apparently hit the supply chain for a piece of network management software (SolarWinds Orion) that sits inside many organizations' networks. Once the corrupted update was installed, the "trojan horse" allowed access and control. The scope and objective of the hack remain to be determined.
 
Related articles:

Multiple federal agencies have been targeted in a sweeping cyber attack. Photograph: Patrick Semansky/AP


 

Tuesday, December 15, 2020

New York Times: "Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit"

From the New York Times, an article of interest for Franklin:
"The scope of a hack engineered by one of Russia’s premier intelligence agencies became clearer on Monday, when some Trump administration officials acknowledged that other federal agencies — the State Department, the Department of Homeland Security and parts of the Pentagon — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence community and nuclear laboratories were affected by the highly sophisticated attack.

United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.

It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies."
Continue reading the article online (subscription may be required)

Monday, December 7, 2020

FM #407 Town Council Mtg - Spear Phishing Incident - 12/02/20 (audio)

FM #407 = This is the Franklin Matters radio show, number 407 in the series.

This session shares the Franklin, MA Town Council meeting held on Wednesday, Dec 2, 2020.

The meeting was conducted in a hybrid format: members of the Town Council, selected guests, and Town Administration personnel were in the Council Chambers, the public was remote via Zoom conference bridge, all to adhere to the ‘social distancing’ requirements of this pandemic period.

I’ve split the full four hour plus meeting into three logical segments:

  • First - covers the opening through the first public hearing on the tax rate and subsequent votes to approve $14.65 (per $1,000 of assessed value) as the rate for FY 2021 (1 hour and 5 minutes)
  • Second - covers two of the public hearings: the Comcast contract renewal for 10 years, and the bylaw fee adjustment to reduce the fees for next year only to help the local restaurants during this COVID-19 pandemic period (36 mins)
  • Third - covers the presentation on the spear phishing incident through to the meeting close. There was a 4 minute recess during this segment; I removed most of the silence to reduce the time for this segment (where I could) (2 hours and 17 minutes)

The show notes contain links to the meeting agenda including documents released for this agenda.

Let’s listen to this segment of the Town Council meeting of Dec 2, 2020. Audio file = https://www.hipcast.com/podcast/HWhvC47S




--------------

Agenda document (and released supporting materials in one PDF)
https://www.franklinma.gov/sites/g/files/vyhlif591/f/agendas/12-02-2020_town_council_agenda.pdf
 
Agenda details with individual documents  
https://www.franklinma.gov/town-council/agenda/december-2-town-council-meeting-tax-rate-hearing

Spear phishing update folder
https://franklinma.gov/administrator/pages/spear-phishing

My notes from the meeting
https://www.franklinmatters.org/2020/12/town-council-meeting-comcast-contract.html  

--------------

We are now producing this in collaboration with Franklin.TV and Franklin Public Radio (wfpr.fm) or 102.9 on the Franklin area radio dial. 

This podcast is my public service effort for Franklin but we can't do it alone. We can always use your help.

How can you help?
  • If you can use the information that you find here, please tell your friends and neighbors
  • If you don't like something here, please let me know
Through this feedback loop we can continue to make improvements. I thank you for listening.

For additional information, please visit Franklinmatters.org/

If you have questions or comments you can reach me directly at shersteve @ gmail dot com

The music for the intro and exit was provided by Michael Clark and the group "East of Shirley". The piece is titled "Ernesto, manana"  c. Michael Clark & Tintype Tunes, 2008 and used with their permission.

I hope you enjoy!

------------------
You can also subscribe and listen to Franklin Matters audio on iTunes or your favorite podcast app; search in "podcasts" for "Franklin Matters"

 

Police Chief TJ Lynch updates on the ongoing police investigation

Saturday, December 5, 2020

Town Council Meeting: Comcast contract, Spear phishing update, tax rate set

Quick Recap:
  • Acting Town Clerk Nancy Danello reminds folks of the election Dec 5 
  • Discussion on election 'rules' raised during citizen comments - debunked in Council discussion later; there are MA MGL and US voting rights statutes but not the '30 page' rules doc mentioned
  • tax rate hearing was held; rate set at $14.65, a $0.14 increase over last year. The rate is a calculation that allows only a decision on a single rate or a dual rate. Franklin is not in a position to use a dual rate, so the Council voted for a single rate. The rest is a math exercise. I'll simplify the analysis later.
  • Comcast cable contract came up for renewal; the new one has a ten year term (good for us) as it enables Franklin to choose between Verizon or Comcast (or 'cut the cord'). Almost 5,000 users for Comcast in Franklin. One of the cable fees on both the Verizon and Comcast bill is what funds the Franklin TV cable operations (and coincidentally an item on the agenda Weds was the quarterly transfer of funds from Verizon through the Town of Franklin to Franklin TV - purely a pass-through for accounting purposes)
  • The bylaw to provide a reduction in license renewals for restaurants was approved at this second reading. It costs the Town approx. $13K in 'lost revenue' but will help each of the businesses in this pandemic period.
  • Insights on the cyber theft incident were provided (finally) as the investigation (still ongoing) had developed enough info to be able to share. It was a targeted attack on the Treasurer/Collector over two months of email that led to a change in the processing of a payment, which resulted in the diversion of funds. It was discovered in Sept when the real, legitimate vendor came looking for the promised payment that had not been received. 
    • The individual was suspended, salary reduced and will maintain position as this (while a significant mistake) was the only blemish on her work
    • At one point in the meeting she stood up to apologize publicly (well done) 
    • The investigation continues. The Town has obtained $200K from insurance to cover the loss. 
    • The balance will come from the emergency fund within the water enterprise account (already set aside for emergencies - usually for broken water mains)
    • There is a possibility of recovery of the funds. 
    • There is no need to raise rates to cover for the loss
    • Procedures were in place for creation of a wire transfer. Procedures will be modified to cover a change in a payment process.
    • Additional training on cyber awareness will be conducted. All Town-side personnel and School department central office personnel are currently part of this regular training (oddly, teachers, the largest segment of Town employees, are not yet covered)
  • After the presentation, a combined effort from Technology Director Tim Raposa, Police Chief TJ Lynch, and Town Administrator Jamie Hellen, the Council took a 3 minute recess before getting into their Q&A and statements
  • The presentation doc was posted to the Town page after the meeting. Future updates can be found on the same page  https://www.franklinma.gov/administrator/pages/spear-phishing

Photos captured and shared via Twitter during the meeting can be found in one album  https://photos.app.goo.gl/gpptq8gBudNDT8dx6


----
As with most meetings in this pandemic period, I took my notes via Twitter during the meeting reporting in real-time via the virtual session.
 
The Twitter hashtag can be found online  #TC1202
https://twitter.com/search?q=%23tc1202&src=typed_query 
  • Real time reporting underway for the Town Council meeting #tc1202
  • New tagline for those connecting via cable and wanting the Zoom info #tc1202 visible on screen
  • Town clerk provides updates on election Dec 5 #tc1202 wheelchair available if necessary. All voting in FHS gym or via mail to the dropbox at municipal building before Saturday
  • TC candidate Alan Earls in citizen comment about election law and practices. Is there really a set of rules around the election? Other than the state MGL #tc1202
  • Moving to tax classification hearing #tc1202 house values increased 2.8%, tax rate increase proposed of $0.14. Doc with details https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10a._20-68_0.pdf… TA Jamie Hellen introduces Assessor Kevin Doyle and Board of Assessors present
  • Annual tax rate setting formally closes out the budget year FY 2021. #tc1202 really only (1) an approval of what the tax calculation comes out as and (2) a decision on single rate. Runs 80/20 residential vs commercial/industrial properties. To move $1 from residents …
  • As the pie grows (property values increase) the rate increase is less when the pie shrinks (property values decrease) the tax rate increases #tc1202 this slide shows the option if a dual rate was chosen
  • The actual math to support the $1 vs $4 example mentioned earlier
  • Council discussion adding clarification around the tax rate. This is an automatic calculation. Based upon the state law and prop 2 1/2 regulations there isn't much choice (aside from the dual tax rate). #tc1202 it is not an arbitrary number
  • Motion to close tax classification hearing. Approved 8-0 moving to Legislation on tax rates to close out this portion of the topic. #tc1202 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10a._20-68.pdf…. Motion to approve res 20-68, passes 8-0 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10b._20-69_resolution_-_tax_classification_open_space_exemption.pdf… same vote to pass res 20-69
  • https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10c._20-70_resolution_-_tax_classification_small_business_exemption.pdf… motion passes by 8-0 vote; https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10d._20-71_resolution_-_tax_classification_residential_property_exemption.pdf
  • Motion passes by 8-0 vote #tc1202
  • Next up public hearing on Comcast cable license, renewal for 10 year period, https://franklinma.gov/town-council/agenda-items/10e-legislation-action-28… 4219 customers, 5% allowed for cable access, quarterly payments to help support Franklin TV operations; senior discount available, #tc1202
  • TA Jamie Hellen provides overview #tc1202 do we need to commit for 10 year contract? Yes, there are other developments, there are almost 5000 customers here to serve. It is a reflection of the marketplace. It is in our interest to get longest contract.
  • Cable attorney provides insights and argument for the long term contract, it is a win-win for Franklin, this meeting and broadcast of it is funded by the contract. If folks aren't happy they can shift to Verizon or cut the service. Enforcing the license is the easy part #tc1202
  • The hard part is getting terms that work with both sides. Comcast has committed to a side letter on providing an electric program guide for Community TV. #tc1202 we provide the options Verizon and Comcast are here, competition, and if you cut cable go internet
  • Motion to close hearing on cable, 7-1 vote to close hearing (Bissanti?) (Hard to tell who voted no) #tc1202 https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/summary_of_franklin_comcast_cable_license_renewal_draft_from_atty_wm_solomon_11.30.20_pdf_2.pdf… res 20-72 vote passes 7-1
  • Moving to adjustment to service fees for restaurants, and alcohol license for season 2021 only https://franklinma.gov/sites/g/files/vyhlif591/f/mai/files/10f._20-863_fees.pdf… to help the business survive the pandemic. Costs the town approx $13k, second reading. Listing of business impacted in doc link above
  • Opened public hearing on bylaw, no comments other than Councilor Hamblen endorsing the move. Hearing closed, motion to approve #tc1202 via roll call 8-0
  • Picking back up the agenda, cyber incident now up. #tc1202 there is still an active situation with investigation underway. Resist speculation. Don't make up your own stories of what happened. Personnel matters can not be disclosed
  • Tim Raposa, technology director, starting with definitions. As much of what has been mentioned in social media is inaccurate. #tc1202
  • #tc1202 slides on definitions
  • #tc1202 segmented network with virtual lab areas, a key for security access. You can't get where you shouldn't. Anti-malware is not 100% perfect
  • Cyber security training for all users regularly #tc1202 key definition page as we get to phishing and spear phishing
  • #tc1202 funds were for the water treatment plant construction underway off Grove St. Town has taken several steps
  • Implementation of recovery and prevention started simultaneously in September #tc1202
  • #tc1202 we need to tell the agencies about what happened so that they can possibly solve this down the road. Insufficient evidence to pursue a case
  • Bonds are not insurance #tc1202
  • #tc1202 option to pursue the bond is too expensive. Need 'willful conduct' to pursue.
  • Chief Lynch comes to update and give Jamie a water break #tc1202 FPD needs help as their jurisdiction is Franklin bound. Subpoenas and search warrants take time to execute and are hindered by court reduction due to COVID-19
  • #tc1202 procedure changes and training (certificate based)
  • #tc1202 impressive statement by treasurer collector apologizing for the incident.
  • 3 minute recess before getting to council questions and continue the meeting #tc1202
  • #tc1202 meeting resumes
  • #tc1202 are there chances to get the money back? The investigation is ongoing, I don't want to give a false sense of confidence. Likely not to get it back. We should resist temptation until the case is fully resolved.
  • #tc1202 we need to make these trainings stick like the way sexual harassment training sticks.
  • #tc1202 new webpage off the Town Administrator page for presentation doc and docs related to this going forward.  https://franklinma.gov/administrator/pages/spear-phishing
  • #tc1202 how will training change to accommodate the changes in outside and technology to avoid further phishing events? The training is such that it is part of normal business email.
  • #tc1202 there was a lot of info and I'll go back and re-read, was there a comment on the water rate payers vs well water users? Yes, private well not part of enterprise funds. It could be approx. $30. There is no need to raise rates to cover.
  • #tc1202 Mercer "I apologize that it took so long to get to the point where we could share what we have tonight"
  • Good to see the lights out around town, would be good to get a list of the houses that are festively decorated. Motion to adjourn, passes 8-0. That is all for tonight catch you next time #tc1202 
 audio of the meeting is being prepared to share so you can listen.

Town Administrator Jamie Hellen


Friday, December 4, 2020

National Tax Security Awareness Week, Day 4: Security Summit urges businesses to tighten security, offers new protections against identity theft

The Internal Revenue Service, state tax agencies and the tax industry urged businesses to be on guard as thieves try to use their stolen names and data to file fraudulent tax returns.

The partners, operating cooperatively as the Security Summit (https://www.irs.gov/newsroom/security-summit) to fight identity theft, marked the fourth day of National Tax Security Awareness Week with a warning to businesses to enact the strongest measures possible to protect their data and systems. The IRS also is planning additional steps to help businesses combat cybercriminals trying to steal their data.

“As the IRS and our partners have strengthened our security standards, identity thieves have looked for new ways to find sources of information, and businesses need to stay alert,” said IRS Commissioner Charles Rettig. “Businesses, just like individuals, can be victims of identity theft. Thieves may steal enough information to file a business tax return for refund or use other scams using the company’s identity.”

More than 70% of cyberattacks are aimed at businesses with 100 or fewer employees. Thieves may be targeting credit card information, the business identity information or employee identity information.

Businesses are encouraged to follow best practices from the Federal Trade Commission, including:
 - Set your security software to update automatically
 - Back up important files
 - Require strong passwords for all devices
 - Encrypt devices
 - Use multi-factor authentication

More information is available at FTC’s Cybersecurity for Small Businesses (https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity).

Businesses should be especially alert to any COVID-19 or tax-related phishing emails that attempt to trick employees into opening embedded links or attachments. IRS-related scam emails can be forwarded to phishing@irs.gov.

Starting Dec. 13, 2020, the IRS will begin masking sensitive information from business tax transcripts, the summary of corporate tax returns, to help prevent thieves from obtaining identifiable information that would allow them to file fake business tax returns.

Only financial entries will be fully visible. All other information will have varying masking rules. For example, only the first four letters of each first and last name – of individuals and businesses – will display. Only the last four digits of the Employer Identification Number will be visible.
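The masking rules above are a small data-redaction scheme, and the details matter when you build one: which fields stay readable, how short names behave, and what happens to a field no rule mentions. The function below is an added example, not IRS code. It implements only the two rules the notice spells out (first four letters of each name part, last four digits of the EIN) and adds two assumptions of its own: a name part of four letters or fewer is shown as-is, and any field that is neither financial nor covered by a stated rule is redacted entirely, since the notice says only that other fields get "varying masking rules". The field names and the sample record are constructed.

```python
"""Mask the identifying fields of a business tax transcript.

Added example, not IRS code. Implements the two stated rules (first four
letters of each name part; last four EIN digits). Assumptions of this
example: short name parts are shown whole, and unknown non-financial
fields are redacted entirely. Field names and the record are constructed.
"""
from typing import Dict

# Constructed field sets; a real transcript schema would decide what is financial.
FINANCIAL_FIELDS = {"total_income", "total_tax", "balance_due", "payments"}
NAME_FIELDS = {"business_name", "responsible_party", "preparer_name"}
MASK_CHAR = "X"


def mask_name(name: str) -> str:
    """Keep the first four characters of each whitespace-separated part,
    replace the rest one-for-one so field width is preserved."""
    parts = []
    for part in name.split():
        shown, hidden = part[:4], part[4:]
        parts.append(shown + MASK_CHAR * len(hidden))
    return " ".join(parts)


def mask_ein(ein: str) -> str:
    """Keep the last four of the nine digits; mask the other five and
    leave punctuation such as the hyphen in place."""
    digit_count = sum(ch.isdigit() for ch in ein)
    if digit_count != 9:
        raise ValueError(f"EIN must contain nine digits, got {digit_count}")
    seen = 0
    out = []
    for ch in ein:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > 5 else MASK_CHAR)
        else:
            out.append(ch)
    return "".join(out)


def mask_transcript(record: Dict[str, str]) -> Dict[str, str]:
    """Apply the rules field by field; deny by default for anything unlisted."""
    masked = {}
    for field, value in record.items():
        if field in FINANCIAL_FIELDS:
            masked[field] = value               # financial entries stay fully visible
        elif field == "ein":
            masked[field] = mask_ein(value)
        elif field in NAME_FIELDS:
            masked[field] = mask_name(value)
        else:
            masked[field] = MASK_CHAR * 3       # assumption: no rule known, redact
    return masked


SAMPLE_TRANSCRIPT = {  # constructed record
    "business_name": "Acme Widgets LLC",
    "ein": "12-3456789",
    "responsible_party": "Jonathan Quincy Adams",
    "mailing_address": "1 Main Street",
    "total_income": "125000.00",
    "balance_due": "0.00",
}

if __name__ == "__main__":
    for field, value in mask_transcript(SAMPLE_TRANSCRIPT).items():
        print(f"{field:18s} {value}")
```

The deny-by-default branch is the part worth copying: a redaction routine that passes through unrecognised fields will leak the first time a new field is added upstream.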

The IRS also has publicly launched Form 14039-B, Business Identity Theft Affidavit (https://www.irs.gov/pub/irs-pdf/f14039b.pdf), which allows companies to proactively report possible identity theft to the IRS when, for example, an e-filed tax return is rejected.

A business should file Form 14039-B if it receives a:
 - Rejection notice for an electronically filed return because a return already is on file for that same period.
 - Notice about a tax return that the entity didn't file.
 - Notice about Forms W-2 filed with the Social Security Administration that the entity didn't file.
 - Notice of a balance due that is not owed.

This form will enable the IRS to respond to the business much faster than in the past and work to resolve issues created by a fraudulent tax return. Businesses should not use the form if they experience a data breach but see no tax-related impact. For more information, see Identity Theft Central’s Business section (https://www.irs.gov/identity-theft-central).

Although the tax scams can come and go, all employers should remain alert to Form W-2 theft schemes. In the most common version, a thief poses as a high-ranking company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don’t know they’ve been scammed until a fraudulent return shows up in employees’ names.

There is a special reporting procedure for employers who experience the W-2 scam. It also may be found at Identity Theft Central’s Business section
(https://www.irs.gov/identity-theft-central).
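The W-2 scam above and the Franklin payment diversion described in the Dec 5 Town Council recap are the same attack in two costumes: a message that borrows a trusted identity and asks finance or payroll to change where money or data goes. The screen below is an added example, not the Town of Franklin's procedure and not an IRS tool, that runs the checks a mail gateway or a finance inbox rule can apply: a trusted display name on an address from the wrong domain, a Reply-To that quietly redirects the conversation, a look-alike domain, and the request itself. The directory of trusted senders, the domains, the phrase lists and the three sample messages are constructed for illustration, and the phrase lists are starting points rather than a complete rule set.

```python
"""Screen incoming mail for the two scams this page describes: a vendor's
"changed" payment instructions and an executive asking payroll for W-2s.

Added example, not the Town of Franklin's procedure and not an IRS tool.
The trusted-sender directory, domains, phrase lists and sample messages
are constructed for illustration.
"""
import re
from email.utils import parseaddr
from typing import Dict, List

# Constructed directory: parties a scammer would impersonate, mapped to the
# one domain each legitimately sends from.
TRUSTED_SENDERS = {
    "pat rivera": "town.example",             # a finance official (constructed)
    "grove street builders": "gsb.example",   # a construction vendor (constructed)
}
KNOWN_DOMAINS = set(TRUSTED_SENDERS.values())

# What the two scams ask for, and the pressure wording that usually rides along.
PAYMENT_CHANGE = re.compile(r"\b(new|updated|changed?)\b.{0,40}\b(bank|wire|routing|account)\b", re.I | re.S)
W2_REQUEST = re.compile(r"\bW-?2s?\b.{0,60}\b(all|every|list)\b|\b(all|every|list)\b.{0,60}\bW-?2s?\b", re.I | re.S)
PRESSURE = re.compile(r"\b(urgent|immediately|before (the )?end of (the )?day|confidential)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains (t0wn vs town)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze(msg: Dict[str, str]) -> List[str]:
    """Return the reasons a message should be held; an empty list means no indicators."""
    reasons = []
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(address)

    # 1. A trusted display name on an address from somewhere else.
    expected = TRUSTED_SENDERS.get(display_name.strip().lower())
    if expected and sender_domain != expected:
        reasons.append(f"'{display_name}' sent from {sender_domain}, expected {expected}")

    # 2. Replies silently routed to a different mailbox.
    _, reply_address = parseaddr(msg.get("Reply-To", ""))
    if reply_address and domain_of(reply_address) != sender_domain:
        reasons.append(f"Reply-To points at {domain_of(reply_address)}, not {sender_domain}")

    # 3. A domain within two edits of one we trust, but not that one.
    for known in sorted(KNOWN_DOMAINS):
        if known != sender_domain and edit_distance(sender_domain, known) <= 2:
            reasons.append(f"{sender_domain} looks like {known}")

    # 4. The request itself; pressure wording counts only alongside another indicator.
    text = msg.get("Subject", "") + "\n" + msg.get("Body", "")
    if PAYMENT_CHANGE.search(text):
        reasons.append("asks to change where a payment goes")
    if W2_REQUEST.search(text):
        reasons.append("asks for employee W-2 data")
    if reasons and PRESSURE.search(text):
        reasons.append("pressure wording")
    return reasons


def disposition(msg: Dict[str, str]) -> str:
    reasons = analyze(msg)
    if not reasons:
        return "no indicators"
    # The control the Council recap calls for: confirm the change with the vendor
    # or executive over a channel the e-mail itself did not supply.
    return "HOLD: confirm by phone using the number already on file (" + "; ".join(reasons) + ")"


# Constructed sample messages.
VENDOR_BANK_CHANGE = {
    "From": "Grove Street Builders <accounts@gsb.example>",       # real mailbox, taken over
    "Reply-To": "Grove Street Builders <accounts@gsb-pay.example>",
    "Subject": "Updated wire instructions for progress payment",
    "Body": "Please use the new account on the attached form for the next progress "
            "payment on the water treatment plant. This is urgent.",
}
W2_SCAM = {
    "From": "Pat Rivera <pat.rivera@t0wn.example>",
    "Subject": "W-2 copies",
    "Body": "I need the W-2s for all employees as one PDF before end of day. "
            "Keep this confidential.",
}
ROUTINE_REPORT = {
    "From": "Grove Street Builders <accounts@gsb.example>",
    "Subject": "Monthly progress report",
    "Body": "Attached is the monthly progress report for the water treatment plant. "
            "No action needed.",
}

if __name__ == "__main__":
    for label, sample in [("vendor", VENDOR_BANK_CHANGE), ("w2", W2_SCAM), ("routine", ROUTINE_REPORT)]:
        print(label, "->", disposition(sample))
```

Note what the vendor sample shows: the message comes from the vendor's genuine domain, so the identity check passes, exactly the situation the Dec 24 Messenger-scam item describes once a crook is inside a real account. Only the Reply-To and the content of the request catch it, which is why the control that actually stops the loss is the out-of-band phone confirmation of any change to payment details, not the filter.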

Finally, Security Summit partners urge businesses to keep their EIN application information current. Changes of address or responsible party may be reported using Form 8822-B (https://www.irs.gov/forms-pubs/about-form-8822-b).
 
Reminder: Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues.

The IRS, state tax agencies and the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. This is the fourth in a week-long series of tips to raise awareness about identity theft. See IRS.gov/securitysummit for more details. 
 
 IRS YouTube Video:  https://youtu.be/ELzTL6hQKQc   New Security Measures Help Protect Against Tax-Related Identity Theft 

Thursday, December 3, 2020