It’s coming up to the end of the financial year here in Australia and everyone seems to be on the lookout for bargains and preparing to fill in their tax returns, especially online. But remember that cybercriminals are also on the lookout – hoping to trick unassuming web users into handing over their credit card and personal details.
All it takes is one little mistake, so let’s take a minute to look at the main online risks and some simple steps on how to protect yourselves.
Tax time is always a crazy period when it comes to money. With the end of the financial year on 30 June, punters are shopping around for some tax write-off gear to balance the books and retailers are only too happy to oblige with sales, discounts, and other promotions both online and off.
Yet we’re all getting busier nowadays so the web offers a great alternative to traditional shopping, as well as providing more efficient ways for us to consume government services. No one likes taxes, but at least with “e-tax” the Oz government is taking as much of the pain as possible out of the process. In 2011, over 2.6 million Australians filed their returns this way and the number is growing year-on-year.
It’s no surprise then that cybercriminals – always on the lookout for ways to make an easy buck – have been cashing in, too.
Phishing for taxes
The main way they have been scamming users when it comes to e-tax is via fake tax return pages. The scam usually begins with an email purporting to come from the tax office. It looks official, written in reasonably accurate, official-sounding English and stamped with what appear to be authentic logos, but of course they aren’t.
You will usually be asked to click on a link to reclaim a tax rebate, or perhaps even to settle an outstanding bill. You will be made to feel like this is your LAST chance to do so and that the request is URGENT – all ploys to trick you into clicking.
You will then be taken to a fake web page – again mocked-up to look like a genuine site belonging to the tax authorities – where you’ll be asked to fill in personal info, including credit card details, tax number, name, address, phone number, etc. All of these are then harvested by the bad guys and either sold on the online black market to other criminals or used to commit identity fraud and drain your bank account.
Tips for staying safe online
Make no mistake, the bad guys are getting more and more persistent and their efforts at creating fake emails and phishing websites are improving, but there are a few best practice tips that will help you stay safe online:
- Download the official e-tax software if you’re planning to fill in your returns online. This is where account details need to be updated – not from a link on a dodgy email
- Always read the URL of a website before entering personal information. If it doesn’t look right, close the window and search for the site yourself online
- Make sure you have up-to-date security software on your machine. This can block phishing emails before they even reach your inbox and alert you if you’re in danger of visiting a malicious website
- Remember: The Australian Tax Office (ATO) will never send you an unprompted email, so ignore anything that comes into your inbox purporting to come from them – it WILL be a scam
I work for Trend Micro and the opinions expressed here are my own.
One of the troubles with this mobile computing world of ours is that having our data files by our sides at all times increases the risk of data loss and unwanted exposure. You’ve probably heard about the careless company executive who had his laptop PC stolen and then found out later that sensitive company data was contained on the system, including credit card numbers, financial account information, company network passwords and so on.
I think many of us – not just this executive who’s probably looking for a new job right about now – keep sensitive files on our laptop PCs, particularly if we don’t use desktop systems anymore. I know I do.
Take Internet account passwords for example. Unless you use one password for everything – a really bad idea – or you have a great memory, you probably put those passwords in a spreadsheet or other kind of file for easy access and reference. Or maybe you are running off to your tax accountant with all sorts of receipts that contain your bank account information and credit card numbers. In either case, I’ll show you how to use Trend Micro™ Titanium™ Maximum Security’s Vault feature to keep the data you store on your computer safe and sound.
I worry about what the world will look like in five years’ time when my son reaches high school. I was leaving school and starting college when phones started to include cameras. Luckily for me, we didn’t have them at high school and the cameras on phones in those days were too poor to shoot pictures at night or inside.
I don’t know about you, but I’m one of those guys who likes the convenience and synergy of Comcast’s XFINITY Triple Play service, because it provides phone, Internet, and TV access all wrapped up in a single package. (If it were cheaper, I’d like it even better!)
Dealing with one company, rather than two or three (particularly when things go wrong), is one advantage. Paying a single bill is another. Cable Internet speeds are also great for Netflix and other smart TV apps, so that’s a third. And the Caller ID-TV combo, (where I can see who’s calling in the middle of my favorite TV show, because the name or phone number pops up on the screen) is definitely a fourth. If I can’t tell who’s calling, I ignore it. (Truth be told, I often ignore it even when I can! Please don’t tell my family or friends.)
In a similar way—and for a lot less money—I like the synergy of the triple play of Trend Micro’s Mobile Security, Privacy Scanner for Facebook, and Mobile Backup and Restore apps. I get protection against malware and viruses with the first app; protection for my privacy with the first and second; and protection for my data and devices with the first and third.
This message will self-destruct in five seconds. That’s the premise behind SnapChat, which is hailed as the new Instagram. The app currently sends over 1,000 pictures every second and here’s how it works:
You take a picture and pick who you want to send it to. You then choose how long that picture will stay on their phone before it “self-destructs.” The app is alleged to even warn senders if recipients attempt to create a screen capture of self-destructing materials.
The first function of the app that comes to mind is that it could be a safe way to “sext.” Dig a little deeper and it’s not that difficult to think of other nefarious ways to use SnapChat. It could be used to distribute answers on a test. Or, you could use it to help set up drug deals or to secretly communicate with your mistress. The list could go on forever, but I think you get the picture.
“Can you hear that?” my mother shouts arm’s length distance from the phone.
“What am I listening for?” I reply.
“A buzzing and whooshing sound, coming from my computer,” she yells again.
This is just an example of the tech support request calls I get regularly from my cute little mama. She only calls about once a month or less for her gadget questions, but I can’t say how many times she’s calling her wireless Internet provider.
According to a recent survey we conducted at Trend Micro to commemorate Mother’s Day, about a quarter of you are in the same boat as me, getting these calls about once a month (the survey dives into perceptions of moms’ technology and device knowledge). My heart goes out to the eight percent of you who said their tech-challenged moms contact them once a day (Mother’s Day Gift Idea: Premium Tech Support Package from Trend Micro and read Mike Miley’s blog). Yikes.
Any day can be Mother’s Day—especially when mom needs help with her computer! The phone will ring and her frustrated voice will be on the line with one or more complaints. Here’s a typical list:
“I can’t get my email.”
“I’m getting an error message when I try to print.”
“How do I create new folders in my email or on my desktop?”
“My browser is acting funny whenever I try to browse the web. Can you fix it?”
“Everything seems really slow. Can you speed up my computer?”
“I think I might have a virus. I’m getting a weird popup message saying something about a firewall violation. What should I do?”
Rather than rush across town to fix these or other problems in the midst of my workday (or in the evening when I’m trying to relax), I’ve installed software called LogMeIn on her computer, so I can access and manage it remotely.
Over the past few months, I have written Fearless Web blogs about the growing problem of stolen and lost smartphones and mobile devices. It was my hope that by shedding some light on these often avoidable incidents, this nonsense would cease.
And yet it hasn’t. In fact, it seems to have gotten worse. It’s like the whole world is not reading my blogs nor taking my advice. Obviously, this annoys me greatly.
If you read today’s New York Times front page story titled Cellphone Thefts Grow, but the Industry Looks the Other Way, you would learn that the “new nationwide database for stolen cellphones, which tracks a phone’s unique identifying number to prevent it from being activated, theoretically discouraging thefts…has not helped stanch the ever-rising numbers of phone thefts, in part because many stolen phones end up overseas, out of the database’s reach, and in part because the identifiers are easily modified.”
Grrrrrr. And, surprise, surprise, this article suggests that the mobile phone industry isn’t all that concerned nor interested in adding more security features because, if you have to buy a new phone after one is lost or stolen, well, that’s more money in their pockets.
By Jamie Haggett
I’m sure you’ve watched the news in the last few months and have seen a ton of high profile hacks on Twitter, including big brands such as Jeep, Burger King, and most recently the Associated Press (AP). I think the average person outside of the computer world is left wondering a few things:
- How and why are these accounts being hacked? I would assume these organizations would have nice long, complex passwords to protect their accounts, wouldn’t you?
- If they can’t keep themselves safe, how am I expected to?
- What is this two-factor authentication thing I keep hearing about and will it keep me safe?