IRS.GOV

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. [USE LINK ABOVE TO GO TO IRS.GOV AND SELECT ONLINE TRANSCRIPT]

Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.

Kasper said he phoned the IRS’s identity theft hotline (800-908-4490) and was told a direct deposit was being made that very same day for his tax refund — a request made with his Social Security number and address but to be deposited into a bank account that he didn’t recognize.

“Since I was alerting them that this transaction was fraudulent, their privacy rules prevented them from telling me any more information, such as the routing number and account number of that deposit,” Kasper said. “They basically admitted this was to protect the privacy of the criminal, not because they were going to investigate right away. In fact, they were very clear that the matter would not be investigated further until a fraud affidavit and accompanying documentation were processed by mail.”

In the following weeks, Kasper contacted the IRS, who told him they had no new information on his case. When he tried to get a transcript of the fraudulent return using the “Get Transcript” function on IRS.gov, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

 

“When I called the IRS to fix this, and spent another hour on hold, they explained they could not tell me what the email address was due to privacy regulations,” Kasper recalled. “They also said they could not change the email address, all they could do was ban access to eServices for my account, which they did. It was something at least.”

FORM 4506

Undeterred, Kasper researched further and discovered that he could still obtain a copy of the fraudulent return by filling out the IRS Form 4506 (PDF) and paying a $50 processing fee. Several days later, the IRS mailed Kasper a photocopy of the fraudulent return filed in his name — complete with the bank routing and account number that received the $8,936 phony refund filed in his name.

“That’s right, $50 just for the right to see my own return,” Kasper said. “And once again the right hand does not know what the left hand is doing, because it cost me just $50 to get them to ignore their own privacy rules. The most interesting thing about this strange rule is that the IRS also refuses to look at the account data itself until it is fully investigated. Banks are required by law to report suspicious refund deposits, but the IRS does not even bother to contact banks to let them know a refund deposit was reported fraudulent, at least in the case of individual taxpayers who call, confirm their identity and report it, just like I did.”

Kasper said the transcript indicates the fraudsters filed his refund request using the IRS web site’s own free e-file website for those with incomes over $60,000. It also showed the routing number for First National Bank of Pennsylvania and the checking account number of the individual who got the deposit plus the date that they filed: January 31, 2015.

The transcript suggests that the fraudsters who claimed his refund had done so by copying all of the data from his previous year’s W2, and by increasing the previous year’s amounts slightly. Kasper said he can’t prove it, but he believes the scammers obtained that W2 data directly from the IRS itself, after creating an account at the IRS portal in his name (but using a different email address) and requesting his transcript.

“The person who submitted it somehow accessed my tax return from the previous year 2013 in order to list my employer and salary from that year, 2013, then use it on the 2014 return, instead,” Kasper said. “In addition, they also submitted a corrected W-2 that increased the withholding amount by exactly $6,000 to increase their total refund due to $8,936.”

MONEY MULING

On Wednesday, March 18, 2015, Kasper contacted First National Bank of Pennsylvania, whose routing number was listed in the phony tax refund request, and reached their head of account security. That person confirmed a direct deposit by the IRS for $8,936.00 was made on February 9, 2015 into an individual checking account specifying Kasper’s full name and SSN in the metadata with the deposit.

“She told me that she could also see transactions were made at one or more branches in the city of Williamsport, PA to disburse or withdraw those funds and that several purchases were made by debit card in the city of Williamsport as well, so that at this point a substantial portion of the funds were gone,” Kasper said. “She further told me that no one from the IRS had contacted her bank to raise any questions about this account, despite my fraud report filed February 9, 2015.”

The head of account security at the bank stated that she would be glad to cooperate with the Williamsport Police if they provided the required legal request to allow her to release the name, address, and account details. The bank officer offered Kasper her office phone number and cell phone to share with the cops. The First National employee also mentioned that the suspect lived in the city of Williamsport, PA, and that this individual seemed to still be using the account.

Kasper said the local police in his New York hometown hadn’t bothered to respond to his request for assistance, but that the lieutenant at the Williamsport police department who heard his story took pity on him and asked him to write an email about the incident to his captain, which Kasper said he sent later that morning.

Just two hours later, he received a call from an investigator who had been assigned to the case. The detective then interviewed the individual who held the account the same day and told Kasper that the bank’s fraud department was investigating and had asked the person to return the cash.

“My tax refund fraud case had gone from stuck in the mud to an open case, almost overnight,” Kasper said. “Or at least it seemed to be that simple. It turned out to be much more complex.”

For starters, the woman who owned the bank account that received his phony refund — a student at a local Pennsylvania university — said she got the transfer after responding to a Craigslist ad for a moneymaking opportunity.

Kasper said the detective learned that money was deposited into her account, and that she sent the money out to locations in Nigeria via Western Union wire transfer, keeping some as a profit, and apparently never suspecting that she might be doing something illegal.

“She has so far provided a significant amount of information, and I’m inclined to believe her story,” Kasper said. “Who would be crazy enough to deposit a fraudulent tax refund in their own checking account, as opposed to an untraceable debit card they could get at a convenience store. At the same time, wouldn’t somebody who could pull this off also have an explanation like this ready?”

The woman in question, whose name is being withheld from this story, declined multiple requests to speak with KrebsOnSecurity, threatening to file harassment claims if I didn’t stop trying to contact her. Nevertheless, she appears to have been an unwitting — if not unwilling — money mule in a scam that seeks to recruit the unwary for moneymaking schemes.

ANALYSIS

The IRS’s process for verifying people requesting transcripts is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called “knowledge-based authentication” (KBA) — i.e., challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online.

To obtain a copy of your most recent tax transcript, the IRS requires the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four KBA questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.

The KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. But in practice it is far easier, said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley.

“I did it twice, and the first time it was related to my current address, one old address question, and one ‘which credit card did you get’ question,” Weaver said. “The second time it was two questions related to my current address, and two related to a car loan I paid off in 2007.”

The second time round, Weaver said a few minutes on Zillow.com gave him all the answers he needed for the KBA questions. Spokeo solved the “old address” questions for him with 100% accuracy.

“Zillow with my address answered all four of them, if you just assume ‘moved when I bought the house’,” he said. “In fact, I NEEDED to use Zillow the second time around, because damned if I remember when my house was built.  So with Zillow and Spokeo data, it isn’t even 1 in 256, it’s 1 in 4 the first time around and 1 in 16 the second, and you don’t need to guess blind either with a bit more Google searching.”

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators. See my recent story on Apple Pay for another reminder of this fact.

Unfortunately, the IRS is not the only government agency whose reliance on static identifiers actually makes them complicit in facilitating identity theft against Americans. The same process described to obtain a tax transcript at irs.gov works to obtain a free credit report from annualcreditreport.com, a Web site mandated by Congress. In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.

Kasper said he’s grateful for the police report he was able to obtain from the Pennsylvania authorities because it allows him to get a freeze on his credit file without paying the customary $5 fee in New York to place and thaw a freeze.

Credit freezes prevent would-be creditors from approving new lines of credit in your name — and indeed from even being able to view or “pull” your credit file — but a freeze will not necessarily block fraudsters from filing phony tax returns in your name.

Unless, of course, the scammers in question are counting on obtaining your tax transcripts through the IRS’s own Web site. According to the IRS, people with a credit freeze on their file must lift the freeze (with Equifax, at least) before the agency is able to continue with the KBA questions as part of its verification process.

This entry was posted on Monday, March 30th, 2015 at 12:23 am and is filed under A Little Sunshine, The Coming Storm, Web Fraud 2.0. 

New SPAM wave of Locky Malware

Yet another variant of malware to encrypt the files on your computer, making them inaccessible until you pay the hackers a ransom for the decryptor. This recently discovered variant of the Locky uses Encrypted JScript files to avoid detection by firewalls and anti-malware/antivirus programs.

 

 

 

The malware encrypts the victim's files with a strong RSA 2048 encryption algorithm until the victim pays a large fee to get them back.

 

Our network security appliances and periodic maintenance plans can prevent this type of costly interruption to your business.

Contact us today for a free evaluation and estimate!

Managed Services

 

Managed Services is the practice of outsourcing day-to-day IT management and computer network technical support as a cost-effective method for improving business operations, instead of having full-time on-staff IT personnel. A company like Starkville Computers / Mainstream Technologies that provides such services is called a Managed Services Provider (MSP).

 

You are an ideal client for Managed Services if:

· You rely on your computer network, e-mail, database applications, and Internet access to properly support your clients and daily business processes

· Do not have sufficient staff or time to formally deal with proper computer network maintenance, updates and repairs

· Want to pay one monthly flat fee for services to maintain your computer network environment

We now have a plethora of new offerings on top rated platforms for:

  • Cyber security training

  • EDR / XDR Antivirus Antimalware

  • Enhanced Managed Email Security and/or Encryption

  • Artificial intelligence network monitoring

  • Compliance assistance for any industry or field

 

Benefits of Managed IT
 

Money Savings: our Managed IT Services program saves you money by helping minimize expensive network disasters and keep your computer environment running smoothly

Proactive Solutions: Our clients experience better performance, fewer glitches, and practically zero downtime. The managed services program helps detect these problems early and thus prevents them from escalating into more expensive repairs and downtime

Access to Professional IT Staff: clients can feel as though they have an in-house IT staff — without the full-time employee costs. As a Managed Service client, you will have access to a knowledgeable support staff that can be reached immediately if you have any kind of computer problem or question

Predictable Spending: Managed Service clients receive substantial discounts on IT services. Under this program, clients pay one flat affordable rate and get all of the technical support needed, provided your hardware is under warranty.

Faster Response Time: Our clients receive faster response time support. Through our enterprise class monitoring and remote management systems, we have the ability to access and repair most network problems right from our NOC. If we cannot fix it from our NOC, in most cases we dispatch a technician to your office the same day.

Vendor Management: We deal with the hardware and software vendors and “speak geek” on your behalf

Peace of Mind: As a Managed Service client, you gain incredible peace of mind, having the knowledge that Mainstream Technologies is making sure everything pertaining to your network security and reliability is handled properly, so you don’t have to worry about it.
Your job is to keep your business up and running, leave your computer environment up to us!

3 Facebook scams spreading like wildfire!

What online site lets crooks, hucksters, and scammers potentially reach more than a billion people with a single post? You guessed it, Facebook. Right now, three specific Facebook scams are rampant. If my News Feed is any indication, normally “smart” people are falling for them. Don’t be one of those people.
1. "SECRET SISTERS" HOLIDAY GIFT SCAM
Here's a fantastic deal: Buy a $10 holiday gift and send it to one person. In return, you'll get up to 36 gifts back. Who wouldn't want to get 36 gifts, especially if they're these must-have tech gifts?
This generous offer is courtesy of something called the "secret sisters gift exchange." There's also a similar post going around focused on a book exchange for kids, but the basic premise is the same.
The instructions clearly detail a classic two-deep pyramid scheme. You begin by sending a gift to the first secret sister. Then, move the second secret sister to the first position, send the instructions to six other ladies, and on and on. At the end, you’re promised gifts in about two weeks. Well, how lucky are you!
Stop right there. With each level, you need more people to keep it going. By the time you hit the 11th level, you need the entire population of the United States participating to make it work. Even at the 4th or 5th level, the odds of getting even one gift back after you send one are very slim.
 Then there's the fact that pyramid schemes are illegal and might get you fined or imprisoned. The federal government and many states also have laws against these kinds of schemes.
How to avoid this scam:
Keep in mind that anyone offering a huge return on any investment is probably trying to fool you.
You don’t get something for nothing. Of course, if it sounds too good to be true, it is.

2. LOTTERY SCAM
If you get a message from a Facebook friend saying that they've won a $30,000 lottery on Facebook, watch out. That's exactly what happened to a woman in Nevada, and to plenty of other people around the country.
In the case of the woman from Nevada, someone on Facebook named Theresa Paddock contacted her to tell her she won the lottery. To get her money, however, she'd have to wire $150 to cover "insurance" and other fees. She did, but didn't get her winnings. Instead, an unknown man started reaching out to her to try and get more money from her.
The same scam also happened to an Indiana woman. In the case of the Indiana woman, she wired $850, and then got asked to wire more to get an even bigger prize. Of course, in her case hackers had taken over a friend's Facebook page and were using that relationship to trick her. In both cases, the victims aren't going to see their money again.
How to avoid this scam:
If a friend tells you they won something and you can too, call or email them and make sure you're actually talking to them.
Don't send money to someone with the promise of getting money or a prize back. It's called an "Advanced fee" scam, and it never ends well.
Never wire money to anyone, whether it's through Western Union, MoneyGram or another service. Once you wire money, it's gone forever.
Watch out for other versions of the lottery scam targeting Powerball and Mega Millions players, like this one.

3. AIRLINE TICKET SCAM
If you're in the mood for travel, you might be tempted with the news that British Airways is giving away free flights for a year. You just have to share the photo, like the page and comment to win. It's even coming from the "British Air" Facebook page, so it must be legitimate, right? Nope. It's also a scam.
Sadly, this is a common scam, often using Delta. The two latest "Delta" scams tricked 65,000 and 22,000 people respectively. "Virgin Airlines" was also offering free tickets for a year if you liked its page. "Qantas" had a similar thing happen back in March. That scam got 100,000 people to share it.
How to avoid this scam:
Your first clue this isn't a legitimate offer is that British Airways' real name is "British Airways." If you see "British Air," "British Airway" or some other variation on Facebook, you're looking at a fake.
The real airline page will have a blue checkmark next to the name indicating it's a verified profile. You can see an example over at my Facebook page. Just be sure to hover your mouse over the checkmark. It should pop up a little box that says "Verified Page." If it doesn't, then it's part of the background image and you're on a fake page.
Very few companies run contests exclusively using Facebook. If a company posts about a contest, you usually need to click a link to visit a contest sign-up page, like my annual Great Giveaway where I'm giving away trips, tablets, gift cards and more.
Even if a Facebook post has a link to a standalone contest page, still check that it's really a contest from that company by finding the contest through the company's home page. It could just be a more elaborate scam designed to get your information.

Bonus: Another ticket scam
The scam above isn't the only airline ticket scam. Occasionally people will post on Facebook groups saying that they have a $200 (or another amount) voucher for an airline that they can't use before it expires. It's your lucky day because they're willing to sell it to someone for half price!
Of course, if you do send the person the money (often requested as a wire transfer), you'll never get the voucher.


Copyright © 2015 komando.com. All Rights Reserved.

Businesses, STOP Buying Computers From Big Box Stores!

#4 is the kicker folks!  We are BOOMING by replacing hard drives and motherboards in $299 computers bought at big box stores!  The consumer has the machine for 3 months, and comes to us with failing hardware (because the 60-90 day warranty is long expired allowing them to return it to the store).  I know... we shouldn't have any mercy for them, but do the best we can to help, discounting labor and hardware, but they still end up spending over $200 to get the 'new' machine operational again... and bear in mind that it is STILL a sub-standard computer with obsolete parts!  At least come see us for some free advice, and take a look at our selection of business-class computers, even if you just need a simple computer for surfing the web and checking email at home!  You will come out much better in the long run!

https://cwl.cc/2012/11/businesses-stop-buying-computers-from-big-box-stores.html

 

Stop targeted ads

If you browse the Internet at all, you've definitely run into targeted ads. For example, you'll be looking at a product on one site, and then see an ad for it right away on another site. We've seen situations where a YouTube video will play an ad for the site you just opened in another browser tab. Creepy! Let's look at how it works and how you can stop it.

How it works
Most websites get their ads from ad networks. Each ad network puts a bit of code called a "cookie" on your computer. When you visit one of the member sites, the site recognizes the cookie and lets the ad network know where you are so it can send you personalized ads.

Even worse, the member sites share what you do on their sites to build a database of what you like and don't like, or even specific items you looked at. This makes it easier for the ad network to send you ads that it thinks you'll click on.

Where it really gets scary is when you add Facebook into the ad network. Most websites have to figure out what you're thinking based on what you do. On Facebook, you tell it exactly what you're thinking.

Every "like," news story click, status update and photo caption you put in Facebook is a bit of information that advertisers would love to add to your file. And you'd be surprised how much money it can make them.

In 2013, online tracking and targeted advertising practice helped Internet advertisers rake in a staggering $42.8 billion. And for 2014, that climbed to $49.45 billion, or a 15% jump.

Naturally, you don't see a penny of it. You're just concerned with what happens to your information if a shady employee or hacker gets a hold of it. Or you just don't like the idea of being tracked.

How to stop the tracking
I've told you in the past about how to opt out of Facebook's tracking and targeted ads through the ad network it's a part of, the Digital Advertising Alliance. However, Facebook has now added this feature to its own settings.

To opt out of Facebook showing you targeted ads from other sites, or from seeing Facebook's ads on other sites, open your Facebook page and click the upside-down triangle in the upper right corner. Select "Settings" and then in the left-hand column select "Ads."

You'll see the new "Ads based on my use of websites and apps" setting. Click the "Edit" link, and then click the "Choose Setting" button and select "Off." You only have to do this once and it will apply to every gadget where you sign in with the same Facebook username.

Now, this won't stop Facebook from showing you targeted ads based on information it collects about you. However, it won't get any of your information from its partners, and it shouldn't send any of your information to advertisers.

While you're in the ad settings area, you'll also want to change "Ads with my social actions" to "No one" so Facebook can't use your name in advertising. You can also change your preferences to control what kind of ads Facebook shows you.

While this is good for dealing with targeted ads on Facebook, it doesn't stop the rest of the 120 companies in the Digital Advertising Alliance from collecting your information and showing you targeted ads.

To make that stop, visit the Digital Advertising Alliance's tracking opt-out tool. The tool will scan your computer to see what companies are already customizing ads to target you. It can also tell if you've opted out of any online tracking for those companies in the past.

It's simple to choose a few companies and sites, like Facebook, where you don't want to see targeted ads. Or you can click the "Choose all companies" button at the bottom to opt out of targeted ads for every participating network member. Simple!

Now, opting out also doesn't stop these sites from collecting some information about you, but it does mean they won't share it with other companies. So, you won't see ads in Facebook for things you've looked for on Amazon or eBay. It also limits what any one company potentially knows about you, and keeps a single ad company from building up a detailed profile.

Because tracking is cookie-based, so is opting out. The site will put a cookie in your browser saying you don't want to be tracked. This means you'll need to run the tool in every browser you use so they're all covered.

There are still many companies online that don't participate in the Digital Advertising Alliance, so opting out won't change the way they behave. 

Your browser isn't the only way advertisers can track you on your mobile gadget. There are also ads in apps.

You shouldn't only be worried about what advertisers and Facebook can see about you.

Strangers could find out more about you than you think if you have the wrong Facebook security settings.
-Komando 10/4/15

Come visit our store or contact us on our contact page for issues with personal computers... give us a  call to schedule an onsite service call for your business!

Data stealing trojan found in the wild

We have received reports of a Trojan spreading in the wild that leaves no trace behind and steals information from the infected system. The Trojan is described as an application in Chinese, named Aspirate.

It replicates, creates auto-start items in your computer's registry, AND disables your System Restore feature.  It executes commands to delete any current system backups, then tries to steal information saved on your computer and encrypts it before sending it to their servers.

MainStream Technologies can quickly implement an Antivirus and Intrusion Prevention strategy which provides protection against this and other threats, new and old.

Call us today for a free evaluation and quote!

(866) 808-6907

 

Windows 10 Upgrade Warning

Although we have tested Windows 10, and haven't seen any MAJOR problems with the operating system itself (from a clean installation)... we do have one machine in the shop now that has experienced major data loss due to the customer's attempt to upgrade from Windows 7 to Windows 10.  So, before you attempt to do an 'in place upgrade'... if you have data you do not want to potentially lose (pictures, documents, email, etc.)... BACKUP-BACKUP-BACKUP before attempting the free upgrade!!!  If you do not know how to backup all your data, or are unsure, we have backup and imaging services and/or can perform your upgrade for you to ensure you have no catastrophic data loss - and to ensure your computer is working smoothly with Windows 10!  Call or contact us today for more information!

Microsoft themselves state that with Windows 10, not all 64-bit CPUs will work as expected!

15 Jul 2015 at 10:37, Stuart Burns

Throughout my career I have seen many Windows releases with minimum requirements that were a little bit deceiving. Sure, the machines would boot, but you would sometimes have enough time to brew a fresh pot of coffee before the computer was in a usable state.

That usable state excluded any applications you wanted to run on top of the OS. Around the Windows 95 and 98 era, this experience wasn’t pleasant if the hardware was close to the minimum requirements.

You quickly found out how patient your users were if you didn’t give them a PC that worked at a reasonable speed. In current times, with even the most lowly machines having multiple cores and running at multiple gigahertz, it shouldn’t be a problem... right?

So with Windows 10 round the corner, and Microsoft doling it out as a free (for now) upgrade to users of Windows 7 and 8, everyone should be able to upgrade to Windows 10 with no problems... right?

Setting aside the actual usability of Windows 10 itself, the answer to the question from the hardware perspective at least is: “Probably, with caveats.” What can you, as the administrator, do before Windows 10 lands to make sure you and your company are prepared?

Even machines four or five years old will meet the minimum specs. The hardware minimums are:

1. 1GHz CPU

2. 1GB RAM for 32-bit version, 2GB for 64-bit

3. 16GB free disk space

4. DirectX 9 driver that is WDDM approved

Microsoft has defined the minimum specifications for Windows 10 on their website. Alongside the minimum requirements is a statement that any machine running Windows 8.1 should be capable of running Windows 10. That is quite a bold statement to make. Only time will tell if this statement turns out to be true.

To those people who, by choice or need, are still running Windows 7, no such guarantee or statement has been made. As long as the machine – or machines – in question meet the minimum specifications, it will be the long-used “suck it and see” approach. If the upgrade doesn’t go as planned, however, Microsoft has provided a roll back mechanism. It should prove useful for those machines that don’t work as expected or for users who decide Windows 10 is not for them.

Hello there Windows 10
The new look for your Windows 7 PC?
One problem that I suspect a lot of Windows 7 upgraders may face is the fact that the hardware or peripherals that were purchased when Windows 7 came out almost six years ago will have little to no chance of having the correct Windows 10 drivers available, given the speed with which add-on hardware becomes obsolete. Sure, some Windows 8 drivers may work but even then it would be touch-and-go as to whether they work as expected.

Please contact us for more information on upgrading or purchasing a computer with Windows 10!