 |
|
 |
 |
| 12/27 - Avoiding E-greeting Card Scams |
The goal of phishing is theft of money and personal information. E-greeting cards have become a popular way to reach out to friends and family at holiday time and on special occasions. Cyber-scammers also take advantage of the growing popularity of e-cards by duping consumers into downloading malware.
You can safeguard yourself, your friends, and your family against e-card scams by following the tips below.
1. Don't open attachments: Most legitimate e-cards are links to the company's website that allow you to go directly to your card. Avoid attachments and don't download anything from a source you don't recognize.
2. When in doubt, delete: If something looks a little strange or “phishy,” such as the name of the sender or vague subject lines, just delete the card. It's better to do that than run the risk of getting a virus.
3. Know where you’re going online: Use security software* that detects sites that push online scams, adware installations, attachments filled with viruses and other downloads that could harm your system.
4. Know what to look for: While most e-card scams actually look legitimate, there are usually some telltale signs to look for. Watch out for misspelled words or names, not knowing who sent you the card, a disguised name (such as Your Friend, A Secret Admirer, etc.), or an odd URL.
5. Always read the fine print before accepting any terms: Make sure you actually read the fine print before agreeing to anything. Some e-card scams list in their terms that they can send e-mail to everyone in your address book. Make sure you know what you are agreeing to.
source: SlamTheOnlineScam |
|
|
 |
|
 |
|
|
|
|
| 12/22 - A Good Reminder Regarding Online Job Search Scams |
As the number of people conducting online job searches, the Consumer Protection Board warned consumers to be very suspicious of e-mail job offers looking legitimate but containing multiple grammatical and spelling errors, asking for personal information such as Social Security numbers or bank account information and requiring upfront processing fees for things like background checks as these can lead to identity theft.
Particularly troubling for job hunters is a "Phishing scam" involving e-mails allegedly sent from websites where, after creating an account on sites like Monster.com or Careerbuilder.com, job hunters receive a response indicating a problem. These e-mails con readers into linking to a site, which then infects computers with viruses, worms and other harmful programs, leaving consumers without a job and without a functioning computer.
Additional Resource
PrivacyRights.org - Avoiding Online Job Scams
|
|
|
|
|
|
|
|
|
|
| 11/24 - Virus Prompts Pentagon to Ban External Flash Drives |
A new malware outbreak is being spread via USB keys. The US Computer Emergency Response Team (US-Cert) is warning users and administrators to be on the lookout following a rise in incidents. USB drive attacks are on the rise again...
The Defense Department has banned the use of removable flash media and storage devices from all government computers, at least temporarily, according to messages that were sent to department employees informing them of the new restrictions. The Pentagon was collecting any of the small flash drives that were purchased or provided by the department to workers, according to a message distributed to employees. However, DOD officials at the Pentagon have not confirmed the ban.
The Pentagon has acknowledged that its vast computer network is scanned or probed by outsiders millions of times each day. DOD’s Global Information Grid includes more than 17,000 local- and regional-area networks and approximately 7 million individual computers.Military leaders have warned of potential threats from a variety of sources including other countries (i.e. China), along with other independent hackers and terrorists.
For more information:
DOD bans the use of removable, flash-type drives
AP: Pentagon bans computer flash drives
|
|
|
|
|
|
|
|
|
|
| 11/18 - Thick Accent Got You Wondering? |
In the great melting pot that is our America, there are many people whose speech is accented and don't sound like "typical" Americans. As a security clearance holder, you have every right to be cautious about who you talk to regarding your credentials. If you get a phone call from a recruiter or HR representative and they have a non-U.S. accent, you should openly ask them if they are a U.S. citizen and not feel apprehensive about the line of questioning. As you will find, many people you speak to regarding new job opportunities are full, legal U.S. citizens - yet they were born in another country. Even so, don't hesitate to ask for their credentials and nationality as they will surely ask you.
On ClearanceJobs.com, we require all employers requesting access to our service to be full U.S. citizens. Furthermore, they cannot access the ClearanceJobs.com site from outside the 50 states. |
|
|
|
|
|
|
|
|
|
| 11/13 - New CareerBuilder Email Going Around |
A new phishing scam email is going around, this time targeted to look like it came from CareerBuilder.com. Using the CareerBuilder logo and colors, this is a phishing email that is more dangerous than others as it looks fairly authentic. Text is as follows:
Dear job seekers!
Apply for the job. We recommend this position.
JobDescription
We are looking for people who can control the payment of our customers from your state / region. The responsibilities of work included compiling monthly reports on the overall turnover of funds, sending documents on each transfer.
We offer you confidentially as you conduct a search to meet your career goals and we can help you to understand and communicate what makes you stand out in a crowd.
My role is to find the best candidates to meet the needs of my clients. You could be just the person I'm looking for.
Job Requirements
As a Financial Representative, you are responsible for all aspects of operation, including customer relations, team management, financial management and team recognition/retention, to name a few.
Minimum qualifications include:
• Well developed analytical, communication, and interpersonal skills
• Strong operational background and knowledge
• Exceptional people skills
• Problem solving skills
• Top notch communication and writing skills
• A drive to be the best
APPLY NOW
Please send your Resume only to e-mail: TEXTREMOVED@gmail.com
A number of critical items are missing including an opt-out link which is always seen on legitimate emails, a footer with an address, a phone number, etc. The "free" email account (in this case, a GMAIL account), lack of real requirements, and poor grammar are other signs this is fake. Don't fall for phishing scams, even if they look real. Check them out before responding.
|
|
|
|
|
|
|
|
|
|
| 10/31 - Job Commander Phishing Email |
Similar to recent phishing emails purported to be from CareerBuilder.com, eBay.com, and Monster.com, there are emails floating around the internet claiming to be from ClearanceJobs.com. The emails have the words "job commander" in them, along with a URL weblink to an .exe file.
Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using an authentic-looking e-mail in an attempt to steal passwords, account information or other sensitive data.
Obviously, these emails are not from ClearanceJobs.com and we have no association with the fake notices. If you receive these emails, delete them. Do not click on the link or reply to it.
As good practice, any link in an email could potentially be a virus. Ensure your computer is up-to-date with the most current antivirus software and system security patches.
Don't forget - it is incredibly easy to send an email and "pretend" it is from someone else. This is called "spoofing" and is a common practice on the net.
|
|
|
|
|
|
|
|
|
|
| 10/27 - Debunking Some Common Myths |
The United States Computer Emergency Readiness Team (US-CERT) presents some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.
What are some common myths, and what is the truth behind them?
* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to protecting your information. However, neither of these elements are guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have to worry about it anymore.
Truth: Vendors may release patches or updated versions of software to address problems or fix vulnerabilities. You should install the patches as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not need to protect it.
Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people.
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage.
* Myth: When computers slow down, it means that they are old and should be replaced.
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, you may be experiencing a denial-of-service attack or have spyware on your machine.
For more information: http://www.us-cert.gov |
|
|
|
|
|
|
|
|
|
| 10/6 - Tip to Spot Email Scams |
Like everything else in this world...Google it! For example, I got this job offer (copy below) in my inbox. Try Googling a sentence from the letter.
I tried Googling the first sentence Our company is looking for permanent representatives within the territory of the Canada/America and Europe.
Most of the top results returned relate to scam alerts or warnings. You may also want to put the sentence in quotations as well to limit the results. This should be only one of many tools or tips to use to keep you safe online. Also, keep in mind that job offer scams usually have poor grammar and spelling, a free email account for contact, and no skills required.
Dear Sir/Madam,
Our company is looking for permanent representatives within the territory of the Canada/America and Europe. We need people at the age of 21 to 60 for rather easy work on processing of the incoming mail and performancing of simple management duties.
You don’t have to be a specialized professional or to have special training. We also do not require the working experience in this field; all you need for this job are:
* ability to accurately follow the instructions on the solving the required tasks
* be a confident computer user
* ability to work with MS Word
* ability to work with MS Excel
* have permanent Internet access
The compensation about $800 - $2500 per month.
This job suits mothers, students, pensioners and people who are looking for the additional earnings perfectly well. You need only 3-4 spare hours during the day to fulfill your working duties.
All the candidates will be checked and selected on the competitive basis. To submit your application, please, send us your resume/CV to the following address: andy.thomson.hr@gmail.com
Thanks in advance as I look forward to hear from you.
Very Respectfully,
A.D.C.Co., Ltd
Mrs.Richard Avedon
Managing Director
|
|
|
|
|
|
|
|
|
|
| 9/29 - What is a Good Password/Reminder? |
Should a password be long and complicated, requiring it to be written down to remember it….or should a password be easy to remember, easy enough that you don’t have to write it down.
Complex passwords – ones with lots of random numbers, punctuation, and letters are the best. And if you have to write it down, that’s OK…because the biggest threat in defense contracting comes from the outside, especially hackers sponsored by a nation state or organized crime. The inside threat – a colleague who may use your password to gain access to a files only you have access to – is not nearly as grave.
In addition, you also want to take care when selecting questions for “password reminders”. Recently, Gov. Palin's yahoo email was accessed unauthorized. It really wasn’t a “hack", because it just required some research and guessing. Usually, a user has to answer a question they wrote and that they can only answer to get their password. Well, if you’re making headlines in the media – Googling “where did palin meet her husband” will return enough answers.
P.S. ClearanceJobs.com does not employ an automated “Password Reminder” type feature for security purposes.
Related Resources:
Microsoft: How to create strong passwords
Tips on safeguarding your password
Suggestions for selecting good passwords
|
|
|
|
|
|
|
|
|
|
| 9/5 - Data Mobility is... |
Recent articles highlighting the danger thumb drives (i.e. flash drives, key drives, usb drives) can cause in high-secure government facilities and in the corporate world. The greatest benefit and threat of a thumb drive is their portability.
Here are a few security tips to help secure the use of a thumb drive:
Keep an eye on it.
Don’t be careless with thumb drives. Don’t leave them lying around (especially still in the machine). It may be a little nerdy, but around it around you neck isn’t a bad idea.
Look out for viruses
Be careful when you connect your thumb drive to shared computers – viruses could be floating about. An anti-virus program should scan the thumb drive when it connects to the machine. Also, if you don’t know where the thumb drive has been, don’t use it!
Encrypt your data
If your thumb drive falls into the wrong hands, your data will be there for everyone to see. You need to protect your files. Think about encrypting your data. Some thumb drives already have encryption features with it. You may have to purchase encryption software yourself. There is also a free, open source disk encryption software called TrueCrypt.
The hardest part of having encryption software – actually getting in the habit of using it!
Backing up your data
It’s great to have all your data protected – however, encrypted data can be lost as easily as unprotected. So back it up…and protect that as well! It’s never ending.
|
|
|
|
|
|
|
|
|
|
| 8/25 - Spear (a.k.a. 'Smart') Phishing |
The practice of 'spear phishing' has been known for quite some time. However, it doesn't seem to get it's far share of attention. We have all heard (or gotten) phishing scams using random services as bait (i.e. Paypal). Most daily internet users can identify those pretty easily as phishing scams. These new targeted phishing scams are far more sophisticated (i.e. relevent subject matter or offer). Keep a look out.
At West Point in 2004, teacher and National Security Agency expert Aaron Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message. In response, they received a notification that they'd been duped and warning that their behavior could have resulted in downloads of spyware, Trojan horses, and/or other malware.
Spear phishing is a targeted form of cyber crime whereby e-mail messages appear to come from a highly trusted source, such as someone in a position of authority in the recipient's own organization. Spear phishers use these messages to gain unauthorized access to corporate systems and confidential data.
According to an article in the New York Times, spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information."
Here's a spear phishing attack scenario: The perpetrator finds a Web site for a targeted organization that supplies contact information for employees and other relevant data about the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail appearing to come from an individual who might reasonably request confidential information, such as a network administrator. Typically, a spear phisher requests user names and passwords or asks recipients to click on a link that will result in the user downloading spyware or other malicious programming. The message employs social engineering (fraudulent, non-technical) tactics to convince the recipient. If a single employee falls for the spear phisher's ploy, the attacker can masquerade as that individual and gain access to sensitive data.
Most people have learned to be suspicious of unexpected requests for confidential information and will not divulge personal data in response to e-mail messages or click on links in messages unless they are positive about the source. The relative success of spear phishing relies upon the details used: The apparent source is a known and trusted individual, information within the messsage supports its validity, and the request seems to have a logical basis.
Education is perhaps the chief weapon against spear phishing. As an experiment, New York's chief information security officer sent mock phishing e-mail messages to about 10,000 New York state employees. The messages looked like official notices, asking the recipients to click on Web links and provide passwords and other personal information. With the first run of the e-mail, 75 percent of the employees opened the e-mail, 17 percent followed the link and 15 percent entered data.
Recent related articles:
- Criminals phish for CEOs via fake subpoenas
- Phishing Tests Educate People About Online Scams
|
|
|
|
|
|
|
|
|
|
| 8/22 - Using a Soldier Story as Bait to Phish |
As with previous email phishing scams shared on Security Tips, this one exhibits poor grammar and spelling, a free email account for contact, and to good to be true promises. Never click any links in an emails you think are suspicious.
---------------------------------------------------------------------------------------------------------------------------------------
HOW ARE YOU AND YOUR FAMILY? HOPE ALL IS WELL. MY NAME IS (SGT 1ST CLASS) GEOGE BROWN ; I AM AN AMERICAN SOLDIER, SERVING IN THE MILITARY WITH THE ARMY’S 3RD INFANTRY DIVISION. WITH A VERY DESPERATE NEED FOR ASSISTANCE, I HAVE SUMMED UP COURAGE TO CONTACT YOU. I FOUND YOUR CONTACT PARTICULARS IN AN ADDRESS JOURNAL. I AM SEEKING YOUR KIND ASSISTANCE TO MOVE THE SUM OF ($8 MILLION U.S.
DOLLARS) EIGHT MILLION UNITED STATES DOLLARS TO YOU IN UNITED STATES, AS FAR AS I CAN BE ASSURED THAT MY SHARE WILL BE SAFE IN YOUR CARE UNTIL I COMPLETE MY SERVICE HERE. SOURCE OF MONEY: SOME MONEY IN VARIOUS CURRENCIES WERE DISCOVERED IN BARRELS AT A FARMHOUSE NEAR ONE OF SADDAM’S OLD PALACES IN TIKRIT-IRAQ DURING A RESCUE OPERATION, AND IT WAS AGREED BY STAFF SGT KENNETH BUFF AND I THAT SOME PART OF THIS MONEY BE SHARED AMONG BOTH OF US BEFORE INFORMING ANYBODY ABOUT IT SINCE BOTH OF US SAW THE MONEY FIRST.
THIS WAS QUITE AN ILLEGAL THING TO DO, BUT I TELL YOU WHAT? NO COMPENSATION CAN MAKE UP FOR THE RISK WE HAVE TAKEN WITH OUR LIVES IN THIS HELL HOLE. OF WHICH MY BROTHER IN-LAW WAS KILLED BY A ROAD SIDE BOMB LAST TIME.YOU WILL FIND THE STORY OF THIS MONEY ON THE WEB ADDRESS BELOW;
http://www.washingtonpost.com/ac2/wp-dyn/A35080-2003Apr24
THE ABOVE FIGURE WAS GIVEN TO ME AS MY SHARE, AND TO CONCEAL THIS KIND OF MONEY BECAME A PROBLEM FOR ME, SO WITH THE HELP OF A BRITHISH CONTACT WORKING HERE, AND HIS OFFICE ENJOY SOME IMMUNITY, I WAS ABLE TO GET THE PACKAGE OUT TO A SAFE LOCATION ENTIRELY OUT OF TROUBLE SPOT.
HE DOES NOT KNOW THE REAL CONTENTS OF THE PACKAGE, AND BELIEVES THAT IT BELONGS TO A BRITHISH/AMERICAN MEDICAL DOCTOR WHO DIED IN A RAID HERE IN IRAQ, AND BEFORE GIVING UP, TRUSTED ME TO HAND OVER THE PACKAGE TO HIS FAMILY IN UNITED STATES. I HAVE NOW FOUND A VERY SECURED WAY OF GETTING THE PACKAGE OUT OF IRAQ TO YOUR COUNTRY FOR YOU TO PICK UP, AND I WILL DISCUSS THIS WITH YOU WHEN I AM SURE THAT YOU ARE WILLING TO ASSIST ME, AND I BELIEVE THAT MY MONEY WILL BE WELL SECURED IN YOUR HAND BECAUSE YOU HAVE FEAR OF GOD.
I WANT YOU TO TELL ME HOW MUCH YOU WILL TAKE FROM THIS MONEY FOR THE ASSISTANCE YOU WILL GIVE TO ME. ONE PASSIONATE APPEAL I WILL MAKE TO YOU IS NOT TO DISCUSS THIS MATTER WITH ANYBODY, SHOULD YOU HAVE REASONS TO REJECT THIS OFFER, PLEASE AND PLEASE DESTROY THIS MESSAGE AS ANY LEAKAGE OF THIS INFORMATION WILL BE TOO BAD FOR US SOLDIER’S HERE IN IRAQ.I DO NOT KNOW HOW LONG WE WILL REMAIN HERE, AND I HAVE BEEN SHOT, WOUNDED AND SURVIVED TWO SUICIDE BOMB ATTACKS BY THE SPECIAL GRACE OF GOD, THIS AND OTHER REASONS I WILL MENTION LATER HAS PROMPTED ME TO REACH OUT FOR HELP, I HONESTLY WANT THIS MATTER TO BE RESOLVED IMMEDIATELY, PLEASE CONTACT ME AS SOON AS POSSIBLE WITH MY PRIVATE E-MAILADDRESS WHICH IS MY ONLY WAY OF COMMUNICATION ( sgt_geoge.brown@yahoo.com) GOD BLESS YOU AND YOUR FAMILY.
SGT.GEOGE BROWN
3RD INFANTRY DIVISION |
|
|
|
|
|
|
|
|
|
| 8/15 - Hackers Spoof CNN & MSNBC Alerts in New Malware Attack |
A flood of e-mails pretending to be from CNN & MSNBC contain links to malicious software, security companies warned. Emails with subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into school, hundreds of kids killed"; "CNN.com Daily Top 10"; "Tropical Storm Edouard moving toward Texas coast"; and "Tehran says it launched nuke missile."
The Web address http://breakingnews.msnbc.com is valid if you type it into your browser; however, clicking the link within the body of the e-mail will take you to another site entirely. The bogus site will then ask you to download a Flash video file. It is the file adobe_flash.exe that contains a malicious Trojan horse.
Additional News Articles:
Massive faux-CNN spam blitz uses legit sites to deliver fake Flash
Hackers spoof MSNBC alerts in new twist on massive malware ruse
MX Logic IT Security Blog: CNN Spam is now MSNBC Spam
|
|
|
|
|
|
|
|
|
|
| 8/12 - Classic Fake Job Offer |
Got an email today with one of the worst fake job offers we've ever seen. Don't fall for phishing scams like this. Key signs are "work from home", "a fixed salary", poor grammar and spelling, a free email account for contact, and essentially no skills required.
Hello!
We offer a part time job on your computer.
Job Description:
We will provide you with the texts for our employees with the important information and you will correct the texts as an english speaking person and send them back to us.
Salary:
We don't have a fixed salary for this vacancy. We will pay you $7.00 for every 1Kb of the corrected text. You will get paid at the END of each month. Every month your salary will be different as it depends on your activity.
Example: If you correct about 5Kb of texts per day you will get over $1000.00 at the end of the month.
Requirements:
-Location: USA
-Age: 20+
-Home computer, e-mail address and Microsoft Word
-Responsibility
To apply for job please send us the following information to e-mail: hrdating.curriston@gmail.com
FULL NAME:
HOME ADDRESS:
CITY, STATE, ZIP CODE:
Phone number (home or cell, but SHOULD BE available any day time):
E-MAIL:
AGE:
OCCUPATION:
EDUCATION:
AVAILABLE HOUR TO WORK WITH US:
As soon as we revise your aplication we will contact you within 24 hours.
If you have any additional questions, feel free to ask.
Awaiting for your application.
With respect
Dating Euro Union
|
|
|
|
|
|
|
|
|
|
| 8/7 - The Top 10 Most Spammed US States |
Interesting stuff from MessageLabs. They recently released year-to-date spam rates for each US state. The top 10 most spammed US states are as follows:
1. Illinois
2. South Dakota
3. Oregon
4. New Hampshire
5. Wisconsin
6. North Carolina
7. Indiana
8. Texas
9. Pennsylvania
10. Alabama
MessageLabs scans three billion email connections per day and in June 2008, the global ratio of spam in email traffic from new and previously unknown bad sources was 81.5%. The lowest percentage of spam going to a single state was 78.5 percent. The average spam level for the entire US reached 86 percent in June.
To download state-by-state spam results, Click here
To view a state-by-state map, Click here
MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week. For more information, visit www.messagelabs.com/intelligence.aspx. |
|
|
|
|
|
|
|
|
|
| 7/25 - Defense Security Service Faulted for Jeopardizing ID Data |
From reuters news wire...
Personal data collected on military, civilian and contractor employees seeking federal security clearances between 1997 and 2005 could be at risk due to inaccurate record-keeping by the Pentagon agency that did the investigations, an audit showed on Thursday.
The Defense Security Service (DSS) was initially unable to account for 501 laptops used by its investigators and loaded with personal identity data, posing an undue risk to those people's privacy, the Pentagon's internal watchdog said in the audit.
Most of the laptops have since been found, but the report said questions remained about how well DSS was tracking its assets.
DSS handled security clearance investigations until February 2005, when the Office of Personnel Management took over.
"DSS management in place during the transfer of the personnel security investigation function to OPM created a lack of accountability for assets, posing an undue risk ... for military, civilian, and contractor employees who were investigated for security clearances between 1997 and 2005", said the audit by the Pentagon inspector general. DSS later located 308 of the 501 laptops...read more.
|
|
|
|
|
|
|
|
|
|
| 7/14 - Tax-Related Identity Theft Skyrockets |
A few days ago the IRS released a report by the National Taxpayer Advocate, which concluded that tax-related identity theft rose 644% from 2004 to 2007.
The IRS is attempting to educate taxpayers, warning them of a new wave of scam using the IRS name in identity theft (aka phishing) faxes, e-mails. These letters will often threaten taxpayers that they will lose money or a refund if they do not respond. These types of scam are clearly trending upward, with taxpayers reporting 700 separate phishing incidents to the IRS for May and June alone. So far this year, taxpayers have reported about 1,600 phishing incidents to the IRS.
Recently, scammers have targeted taxpayers’ economic stimulus payments usually mostly e-mail scams that requesting detailed personal information and appear as though they came from the IRS. The message will recommend direct deposit into the taxpayer’s checking or savings account. To receive the payment, recipients must click on a link to complete and submit an online form by a certain date; otherwise, the e-mail warns, payment may be delayed. The form requests personal and financial data, including checking or savings account numbers that the scammers can use to gain access to the accounts.
In reality, the way members of the public receive their economic stimulus payment is to file a tax return with the IRS, not a special form. Additionally, the IRS does not request personal or financial information via e-mail. Information on how to obtain an economic stimulus payment may be found on the IRS Economic Stimulus Payments Information Center.
Remember, the IRS
- does not send unsolicited e-mail about tax account matters to taxpayers
- does not discuss tax account matters with taxpayers in e-mails
- does not request security-related personal information, such as PIN numbers, from taxpayers.
What to do if you receive an email from the IRS.
Anyone wishing to access the IRS Web site should type www.irs.gov into their Internet address window, rather than clicking on a link in an e-mail or opening an attachment, either of which may download malicious code or send the recipient to a phony Web site.
Those who have received a questionable e-mail claiming to come from the IRS may forward it to the following address: phishing@irs.gov. Use the instructions contained in an article on the IRS website titled Protect Yourself from Suspicious E-Mails or Phishing Schemes. Following the instructions will help the IRS track the suspicious e-mail to its origins and shut down the scam.
Those who have received a questionable telephone call that claims to come from the IRS may also use the phishing@irs.gov mailbox to notify the IRS.
More Resources
Taxpayer Advocate Service
Tax Information for Members of the U.S. Armed Forces
National Taxpayer Advocate's FY 2009 Objectives Report to Congress
source:www.irs.gov. |
|
|
|
|
|
|
|
|
|
| 6/19 - Red Flags To Look For When Searching For Jobs Online |
It seems more and more are turning to the Internet as a key tool, noting that in 2007, 73% of job seekers reported using the online sources compared to 66% in 2005. While the Internet has made searching for jobs easier, it also provides an opportunity for ID thieves and scammers to take advantage of eager - and unsuspecting - job seekers.
Unfortunately, the search for a dream job can lead to becoming a victim of identity theft or other types of fraud. In 2007 alone, the FTC recorded more than 11,000 complaints about business opportunities including work-at-home scams, many of which were advertised online...read more.
The Better Business Bureau advises job hunters to follow six red flags jobs to be on the look out for when using online resources:
1. Employer e-mails are rife with grammatical & spelling errors.
2. E-mails purporting to be from online job boards claiming there's a problem with your account.
3. Employer asks for extensive personal info such as Social Security or bank account numbers.
4. Employer offers the opportunity to become rich without leaving home.
5. Salary and benefits offered seem too good to be true.
6. Employer asks for money upfront.
Great resources for keeping yourself (and your information) safe online can be found at:
Internet Fraud Watch
• FTC: OnGuard Online
• BBBOnline
|
|
|
|
|
|
|
|
|
|
| 6/9 - Are State Laws Working Against ID Thefts? |
Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC).
"There doesn't seem to be any evidence that the laws actually reduce identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors.
However, they found that other factors, such as the state's population, gross domestic product and fraud rate did have a significant effect on identity theft rates….read more.
- FTC ID Theft Victims Log
- U.S. States That Have Enacted State Security Breach Notification Laws
- Study: Do Data Breach Disclosure Laws Reduce Identity Theft?
|
|
|
|
|
|
|
|
|
|
| 5/6 - An Army “Phishing” Test Backfires |
An e-mail, which had the Army’s official MWR logo, appeared to be an attempt to obtain personal information from soldiers by offering promises of free or discounted tickets to theme parks and attractions.
The MWR Command eventually found out that the phishers were the Army’s own Network Enterprise Technology Command.
The phishing scam e-mail listed a Web link with an online registration form asking for a name, e-mail address, phone, city, state and ZIP code. The e-mail apparently went out across the service to soldiers’ Army e-mail accounts and to MWR professionals...read more.
Note: Phishing scams are when an e-mail is sent to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. |
|
|
|
|
|
|
|
|
|
| 4/28 - Internet Security Threat Report - April 2008 |
The latest Internet Security Threat Report was released in April 2008 by Symantec Corp. The report concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites.
In addition, attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. This economy is now characterized by a number of traits common in traditional economies. For example, market forces of supply and demand have a direct impact on pricing. Credit card information, which has become plentiful in this environment, accounted for 13% of all advertised goods -- down from 22% in the previous period and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Bank account credentials have become the most frequently advertised item making up 22% of all goods and selling for as little as $10.
Other interesting findings in the report include:
- Theft or loss of a computer or other device made up 57% of all data breaches during the last half of 2007 and accounted for 46% of all reported breaches in the previous reporting period.
- Government was the top industry sector for identities exposed, accounting for 60% of the total, an increase from 12% in the previous reporting period.
- A full identity can be purchased in the underground economy for as little as $1.
The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.
|
|
|
|
|
|
|
|
|
|
| 4/21 - Don't Fall for Work at Home Scams |
A good article on MSNBC reviews why just about all work from home jobs are actually scams. These jobs include at-home sales, packaging, mystery shopping, and other classic scams. Definitely not real jobs, these crooks are hoping to lure you into providing them with your information for identity theft and/or bank information. If it sounds too good to be true, it probably is.
Related Resources
The Better Business Bureau has a nice little section that specifically addresses the Most Common Work-at-Home scams being seen online and offline.
The National Consumers League maintains a great website that addresses Fraud and Internet Fraud. In addition, they also have a specific page on Work-at-Home Scams. |
|
|
|
|
|
|
|
|
|
| 4/9 - Old Phishing Scam |
See the email below for a new take on an old phishing scam. Again, read the content. The job is too good to be true. 100% flexible hours and a free iPhone! Don't fall for junk like this.
Dear Sir/Madam,
We are happy to have your little time and paying our attention to this letter.Precious Metals incorporated company is looking forward to co-operate with you and provide you the vacancy of financial department employee in our company. We can definately say that after we had a chance to get acquainted with your resume, placed at one of the job seeking websites.
The company specializes in the sphere of purchasing, selling and exchanging different types of the most popular precious metals such as gold, silver, platinum and palladium. Precious Metals was found in 2002, and we started as a small business in Poland. Strong motivation and concentrated working made us well known in Europe and allowed to expand internationally. For more than five years we bring the best service quality and assistance to our highly respected customers.
Since we started entering foreign and overseas markets, also dealing with US precios metals market, we need a strong and reliable staff, so we are looking for honest and confident employees.
The best working conditions are provided for all of our employees by the company. Each of them is supported with the most functional connection devices known nowadays(such as Apple iPhones or Blackberries and MacBook Pro laptops) to make your work easier and more comfortable. $165,000 annual salary is that what we guarantee. Annual salary of $225,000 for MBA degree holders is provided as a privelege. Each employee receives the salary payment monthly, in the end of each month of working.
We do not perform this vacancy as a full-time employment, the working shedule is flexible, the best way is to choose the most comfortable hours during a day to perform your duties. Though, you will have to check your email during the working day, answer to our managers phone calls – they will provide you working instructions, answer your questions and support you. So you always have a strong assistance and able to get help with each step.
If you have any questions, please do not hesitate to ask them via email: n.jones.pm.inc@XXX.XXX
or try this number (XXX) 394-8945 (9 AM - 7 PM EST, Monday - Friday)
We are looking forward to hearing from you.
Natalie Jones, PM Inc
n.jones.pm.inc@XXX.XXX
(XXX) 394-8945 (9 AM - 7 PM EST, Monday - Friday)
|
|
|
|
|
|
|
|
|
|
| 3/12 - Overseas Job Scams |
Finding a new job can be difficult and frustrating. Having skills in high demand and a security clearance can make you a very attractive candidate. Those same attributes can also make you a target for overseas job scams.
When surfing the internet looking for your dream job overseas, beware of job firms listing sky-high salaries and a toll free number for you to call for more information.
Conduct research on the company at the Better Business Bureau.
Overseas Job Scam Tips
- Be skeptical of overseas employment opportunities that sound "too good to be true".
- Never send cash in the mail, and be extremely cautious with firms that require a money order.
- Official-sounding names mean nothing. Many scam artists operate under names that sound like those of long-standing, reputable firms.
- Avoid working with firms that require payment in advance.
- Do not give your credit card or bank account number to telephone solicitors.
- Read the contract very carefully. Have an attorney look over any documents you are asked to sign.
- Beware of an agency that is unwilling to give you a written contract.
- Do not hesitate to ask questions. You have a right to know what services to expect and the costs involved.
- Take time to weigh all the pros and cons of the situation. Be wary of demands that "you must act now".
- Keep a copy of all agreements you sign, as well as copies of checks you forward to the company.
Source: Better Business Bureau
|
|
|
|
|
|
|
|
|
|
| 2/25 - Are You A Human? CAPTCHA Will Know… |
The internet has developed to the point where software can automatically fill/submit web forms, create email accounts, and apply for jobs online. Many sites, including ClearanceJobs.com, are now using a method called CAPTCHA to block these automated submissions. If you are not logged into ClearanceJobs.com, you will see a CAPTCHA (see image below) that needs to be completed before you can submit a job application.
Remember: To avoid this CAPTCHA, either log in with your existing credentials or register with ClearanceJobs.com.
CAPTCHAs are commonly used on web forms, where the user enters some information, such as an URL, a comment, a post, or registration; this will prevent automated software from performing actions such as: posting to blogs or forums, submitting job applications, commenting, signups, registrations, etc.
Now, I know what you’re probably thinking. CAPTCHA tests are annoying and sometimes hard to solve. However, they are used for your safety and ours.
Sometimes hackers and/or spammers use “bots” to attack websites, networks, and users. Since “bots” are computer programs, they are unable to solve CAPTCHA tests. However, humans can easily type in the right code and continue through the application processes. These infuriating, bothersome, and annoying CAPTCHA tests help keep our users safe. Try to think about the positive side of CAPTCHAs when you fill them out.
For more information about CAPTCHAs and how they work:
- History of Captcha
- Captcha Project
- Wikipedia: CAPTCHA
Did you know?
A CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".
|
|
|
|
|
|
|
|
|
|
| 2/12 - Spoofing Alert - ClearanceJobs.com |
It appears that someone is spoofing ClearanceJobs.com in a spam email. The email has a link to a file on the LatPro.com job board, which is a real job board. DO NOT click, run, or download the file. We are contacting LatPro.com to tell them that someone has managed to add a malicious file to their service.
ClearanceJobs.com is in no way affiliated or related to LatPro.com.
Thanks |
|
|
|
|
|
|
|
|
|
| 1/31 - CareerBuilder Phishing Scam Making Rounds on Internet |
Emails are circulating around the internet claiming to be from CareerBuilder.com. While CareerBuilder isn't affiliated with our site in any way, we thought we'd warn people to not fall for this email.
The scam email is as follows:
Dear employer
Due to a recent security breach in the Careerbuilder computer system, a new set of terms and conditions has been issued. In order to guarantee the security of your Careerbuilder account , we need you to login over a secure connection and confirm your user and password, by clicking the link below.After the process is completed, your account will be secured as stated in the new terms of use.
Please click on the link below and login in order to accept the new terms and conditions that have been issued ( Online Access Agreement Update ) :
http://www.careerbuilder.com/share/login.aspx?sc_cmp2=JS_Nav_MyCB_Login
After completing this process, you will be redirected to our new terms of use.
Thank you
A few things make this stick out as a junk email. First, clicking the link redirects you to a URL that is not on the CareerBuilder site. Second, the email doesn't look like a standard CareerBuilder email.
Don't fall for it!
|
|
|
|
|
|
|
|
|
|
| 1/25 - Laughable Spam Email |
Here's another piece of spam, this time poorly disguised as a job offer:
Hello, I am Tanya
I am manager of Russian reseller company: "Nix inc".
htt://nix.ru/
Our company need US and Ca partners for dropshipping.
We buy staff in the USA and resell it to our clients in Eastern Europe (including Russia).
If you are interested in cooperation we offer the following conditions:
You recieve a package
Then we send you pre-paid shipping label (we have our own USPS account), you should print it and put on the box.
Then you go to the nearest USPS office and ship this package as soon as it possible.
We will pay money for your work via Paypal each two weeks.
The first month of work you will get $20 per package (it is some kind of verification), and then $40 per each.
Please, provide us with the
following details to get started:
Age,Name,Address for receiving package ( will be delevered 10:30 am - 16:30 pm)
Telephone number!!!
If you are interested in this offer please write on: job@nixreselling.com for more information.
If our offer you does not interest simply ignore this letter. Excuse for troubling.
Thanks a lot!
Tanya.
Unless you are hunting for a job in Russia, there's no reason to even read emails from anyone claiming to be from there, or having anything to do with the country. Other dead giveaways that this is pure junk include poor English, requests for personal information, and the offer to pay for doing menial tasks like delivering boxes. |
|
|
|
|
|
|
|
|
|
| 1/23 - Should I Provide Clearance Details? |
There's some debate as to whether a job seeker should provide clearance details on their resume. As a rule, the government suggests that you NOT make your clearance details known in a public forum. ClearanceJobs.com is not a public forum.
Our service has restricted access – only authorized government contractors and legitimate search firms are allowed access to your resume. We manually pre-screen each employer requesting access. All employers gaining access to ClearanceJobs.com must be U.S.-based, and all recruiters using our system must be U.S. citizens. Additionally, we do not allow employer access to ClearanceJobs.com from outside the continental United States. Employers must be manually pre-screened. Unlike all other job boards, it is not possible to obtain resume database access on ClearanceJobs.com with only a credit card. Don’t forget – other “monster” type job boards allow anyone, from any country, to access your resume with a credit card.
ClearanceJobs.com is not a public forum, but rather a secure, closed access system, so you can provide clearance details should you choose to do so. |
|
|
|
|
|
|
|
|
|
| 12/19 - More Junk Email |
Here is an example of a phishing scam spam seen recently. The goal of the email is to entice potential job applicants to contact the fake company. During a fake interview, the candidate would be asked for various personal items like Social Security Number, bank account information for "direct payment of salary", etc.
TRX Group International Ltd.
95 Wilton Road, London, SW1V 1BZ, United Kingdom
International head office phone: +4407092897500
US and Canada fax: +1 (425) 871-1160
Hello!
I ran across your resume on an employment website recently, and your qualifications made you stand out. TRX Group needs people like you to fill Regional business manager positions that are currently open. From the experiences and qualifications you have listed I feel you would be likely candidate to fill this position.
We at TRX Group are dedicated to providing a wide range of services to assist people who have worked abroad in Tax refunds. With 3 years experience in the international tax refunds area, the aim of TRX Group tax refund dept. is to obtain the maximum possible legal refund , in the fastest time possible and with the minimum amount of hassle.
We are currently searching for qualified individuals to join our team. There are several types of positions available throughout the United States and Canada. We are looking for tax preparers, District Managers, Office Supervisors and Regional Business Representatives. Year-Round and Seasonal opportunities are available. We also offer ownership potential.
Candidates for the Regional Business Representative position with TRX Group must be hard working and employ excellent communication skills. Responsibilities of the position include the use of a variety of web based tools to investigate and to resolve issues in a professional and timely manner.
Income potential for this position is tremendous. Based upon qualifications and experience, monthly income ranges from $6000 - $7000.
Other benefits associated with this position include Medical Insurance, and Educational Advancement Opportunities.
Salary: Annual gross starting salary of $48k-72k USD, paid in monthly installments by your choice.
Performance Bonuses: Up to three percent of your annual gross salary, paid bi-monthly by your choice.
Benefits: Standard benefits for salaried-exempt employees (one month after beginning your hire date), including the following
- 401(k) retirement account
- Child daycare assistance
- Education assistance
- Sick leave
- Vacation and personal days
To accept this job offer:
Please forward your resume (in Microsoft Word or Text format), contact information and questions to HR dept. e-mail: hr@trxgroup.org
You will be contacted within 5 business days.
Best regards,
David Beasley
HR Dept.
TRX Group International LTD.
Remember, if it sounds too good to be true, it probably is. A few things here jump out as wrong: First, the only requirements are thin, and those that anyone would naturally have - "hard working" and "good communication skills." Most real jobs have real requirements. The foreign origination is another red flag. Next, the high salary, bonus, and full benefits for doing "web-based" work are another giveaway that this is a fake job. Also, all fake jobs are overly accomodating to appeal to a broad audience. The fake job text reads: "There are several types of positions available throughout the United States and Canada. We are looking for tax preparers, District Managers, Office Supervisors and Regional Business Representatives. Year-Round and Seasonal opportunities are available."
Don't be fooled by fake job ads like this. When in doubt, contact someone from a job board's customer service department, a reputable staffing firm, or someone else "in the know" who can help you validate whether a job offer is legitimate or spam. |
|
|
|
|
|
|
|
|
|
| 11/30 - Example of Fake Job Offer |
We wanted to post an example of a fake job offer here to give you ideas on what to look for. This is an actual email we received.
Unique career opportunity to reward your skills and talents
Good afternoon,
My name is Jane Eshkova, and I'm a senior HR manager for Compass Group Corp. At the moment, our company has an open position for Remote Manager in the Department of Small Investment Projects. We have considered your application, and we believe that you are a suitable candidate for this position.
Here is a brief description of this job :
Location: United States
Status: AVAILABLE
Employee Type: Full-Time Employee, Part-Time Employee
Description
Managing company's minor investment projects mostly related to promoting antivirus software products, anti-phishing solutions, data protection and comprehensive PC security packages. Additional investment projects are related to development of graphic applications, corporate identity design, building turnkey web sites.
All the projects have different levels of complexity. Level 1 project are very easy, and even a housewife can manage such projects.
Level 5 projects demand special knowledge in marketing strategy of product promotions, and also programming skills.
The tasks of the Remote Manager are:
- To ensure that top notch service is consistently provided to customers;
- Maximize conversion of telephone inquiries into paid orders;
- Achieve objectives by utilizing effective telephone techniques and interactions with potential customers.
The Remote Manager studies every inquiry, calculates service commission, develops a cash-flow scheme for each order, consults clients on payment conversion details, etc. The training course is enclosed.
Salary
The payment $2,500 per month + 2-5% from each order.
Qualifications:
- Age range from 21 to 40 years
- Communicates effectively, verbally and in writing
- Well-balanced personal and managerial style
- Mature, professional approach to people and problems
- Computer proficiency (advanced user level)
General
- Office environment
- Full-time occupation
- Part-time job available
If you are interested in this vacancy, but you have questions, please, do not hesitate to ask them. I am always glad to help you. Also, please get familiar with our corporate website.
(website URL removed)
ATTENTION! Please do not reply to this email. If you are interested in this position, contact me directly:
JANE.ESHKOVA@COMPASSCORP.NET
Jane Eshkova,
HR Department,
Compass Group Corp
A few things jump out here are phishy. First, employers NEVER email you and offer you a job and salary up front. Interviews are always necessary. Second, the reply-to address was a "free" email account from the United Kingdom. In this case, emblem@excite.co.uk. Third, the email says to respond to JANE.ESHKOVA@COMPASSCORP.NET but the reply-to address is emblem@excite.co.uk. Fourth, the employer does not list a phone number. And finally, the email is very general in nature, trying to appeal to a wide audience and cast the widest net. "Level 1 project are very easy, and even a housewife can manage such projects."
Don't fall for fake job offers. If you ever want to validate a job offer and/or employer, use the Contact link at the bottom of this page to forward us inquiries you've received.
|
|
|
|
|
|
|
|
|
|
| 11/27 - Validating Email Job Inquiries |
With all of the spam on the net, it can be difficult to weed though fake job offers and scams to find the legitimate inquiries. Here are some tips:
- Fake job offers often originate from overseas. These emails contain broken English, unrealistic salaries, and almost always ask you to respond to a free, public email account like Yahoo, Gmail, AOL, or Hotmail.
- Fake job offers often ask for unnecessary personal data like contact information, social security number, phone number, passwords, bank accounts, etc.
- Fake job offers often contain attached files, some of which can be dangerous to open.
- Fake job offers often "spoof" or pretend they are coming from ClearanceJobs.com when in fact they are not. When employers contact you, the reply-to address will never be from ClearanceJobs.com but rather directly from that employer's own work email account.
Registered employers on ClearanceJobs.com are all manually pre-screened. We only allow authorized government contractors and legitimate, recognized search firms in our system, and it's impossible to view resumes with a credit card.
If you receive contact from a potential employer and want to validate the contact person or their offer, forward the email to us by clicking the Contact link in the bottom footer of this page. We will help validate it for you immediately.
|
|
|
|
|
|
|
|
|
|
| 11/19 - Online Security Tips |
Online data security is always important to ClearanceJobs. We would like to take a minute to remind you of some important tips:
- Keep your machine up to date with the latest security patches.
- Create a separate email specifically for job hunting, separate from your personal email account.
- Make sure you have an up-to-date anti-virus product installed and running on your machine.
- Avoid using a Social Security number on your resume.
- Don't provide any non-work related personal information over the phone or online. This includes your hair and eye color, marital status, etc.
- Leave references off of a publicly posted resume.
- Never provide credit card or bank account numbers or related information.
- Be cautious when dealing with contacts outside of your own country.
- Never give out your ClearanceJobs username or password to anyone.
Two great resources for keeping yourself (and your information) safe online can be found at:
http://www.fraud.org/tips/internet/phishing.htm
http://onguardonline.gov/stopthinkclick.html
Finally, here are some things ClearanceJobs does and doesn't do:
- We don't send out emails with executable or compressed (zipped) files, or attachments other than PDF and Word documents.
- We don't ask you for your personal financial information in an email, and never ask for credit card information to be sent via email.
- We don't ask you for your password via phone or email, ever. (You will only be required to enter your password when logging onto ClearanceJobs.com).
- We do electronically sign our email using recognized industry standards, to verify our identity and guard against spoofing.
ClearanceJobs understands the importance of online security and protecting the personal information of our users. At ClearanceJobs, we value your privacy and are committed to good privacy practices regarding your personal information. To this end, we have adopted a Privacy Policy that governs our use of your personal information. Click here to view our complete privacy policy.
Also, if you come across questionable job postings or activity on the ClearanceJobs site or if you are approached by someone seeking personal information of the type identified above, please let us know immediately at support@clearancejobs.com.
|
|
|
|
|
|
|
|
