Mobile Devices: The Next Target for Cyber Criminals

By: Anders Erickson, CISA, CISSP, CRISC

In the most recent Threat Intelligence Report publish by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016.  The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices.  One of the most common methods of infecting mobile devices is through “Trojan” apps.  Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device.  One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store.

Many nonprofits allow their employees to access organizational data through their mobile devices.  Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk.  If not properly protected, malware infecting an employee’s mobile device can place our client’s data in jeopardy.  Eide Bailly’s Cyber Security team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we can help our clients feel more confident about their cyber security, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

Dangerous W-2 Phishing Scam: Reporting Update

By: Anders Erickson, CISA, CISSP, CRISC

As we reported on March 7, 2017, the IRS has provided notice of a dangerous email scam that is impacting employers, including tax exempt entities. The scammer poses as an internal executive requesting employee Form W-2 and Social Security numbers. The IRS has established a process that will allow employers and payroll service providers to quickly report any data losses related to the W-2 scam. Read the IRS update, Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers for more information. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email even if you did not fall victim.

Eide Bailly has cyber security and computer forensic experts that can help organizations prevent or respond to these and other cyber threats.  Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson at 208.383.4731 or email aerickson@eidebailly.com for more information.

Dangerous W-2 Phishing Scam Evolving, Targets Include Nonprofits

By: Anders Erickson, CISA, CISSP, CRISC

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen referring to the phishing scam resulting in theft of W-2 information across many industries including nonprofit organizations.

Cyber criminals are using spoofing techniques to disguise an email making it appear as if it is coming from an executive within the organization so that the recipient (usually in the payroll or HR department) feels compelled to respond. The cyber-criminal is asking for a list of employees with their W-2s and intend to use this information in order to fake a tax return and fraudulently collect an employee’s return before they have a chance to file themselves. Cyber criminals may also be asking to wire money as a part of this scam and continue to evolve their scams.

If you believe that your organization has been a victim of these types of scams you can take many steps at the organization level:

  • Report the W-2 thefts to the IRS immediately so that they can begin to help protecting the employees from tax-related identity theft. Forward to phishing@irs.gov and place “W2 Scam” in the subject line.
  • File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.

If you are an employee who’s W-2 has been stolen:

  • You should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
  • File a Form 14039, Identity Theft Affidavit, if your tax return gets rejected because of a duplicate Social Security number and/or if instructed to do so by the IRS.

If your organization is lucky enough to have avoided such scams so far, there are measures to take to protect and prevent attacks ahead of time.

  • Consult cyber security experts about how to establish a culture of security at your organization
  • Enact policies and procedures safeguarding the handling of W-2s during tax season
  • Encourage your employees to be safe online and avoid to scam site fronting as Tax Return eServices sites.

Eide Bailly has cyber security and computer forensic experts that can help organizations prevent or respond to these and other cyber threats.  Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson at 208.383.4731 or email aerickson@eidebailly.com for more information.

What you need to know about Ransomware

By: Tim McCutcheonTim McCutcheon

Ransomware is a software that locks users out of their computer or specific files until a “fee” is paid to release the lock and these attacks on organizations have become ever more common. Any organization that relies on real-time or near-real-time access to data may be subject to an attack. Although there has been a rise in the number of attacks, the full implications are still being understood and worked out. Read this article by PoynerSpruill to learn more about Ransomware and what is known on these attacks.