A New Way to Report Tax Identity Theft

Identity theft is hard enough. That’s why we keep working to make recovering from it easier. It’s also why we’re happy to let you know about an innovative project by the FTC and IRS that lets people report tax-related identity theft to the IRS online, using the FTC’s IdentityTheft.gov website to file IRS Form 14039.

Tax-related identity theft happens when someone uses your stolen Social Security number (SSN) to file a tax return and claim your refund. You might find out about it when you try to e-file — only to find that someone else already has submitted a return — or when the IRS sends you a letter saying it has identified a suspicious tax return that used your SSN. That’s when you’ll need to file an IRS Identity Theft Affidavit (IRS Form 14039), so that the IRS can begin resolving your case.

Now, you can report to the IRS through IdentityTheft.gov. It’s the only place you can submit your IRS Form 14039 electronically. Here’s how it works: IdentityTheft.gov will first ask you questions to collect the information the IRS needs, then use your information to populate the Form 14039 and let you review it. Once you’re satisfied, you can submit the Form 14039 to the IRS through IdentityTheft.gov. Download a copy for your own records, too. About 30 days later, the IRS will send you a letter confirming it received the information.

While you’re at IdentityTheft.gov, you’ll also get help making an identity theft recovery plan, with guidance including how to place a fraud alert on your credit files, check your credit reports, and take other steps to stop the identity theft from harming other of your accounts. IdentityTheft.gov also will help you resolve other identity theft problems.

Remember, though — filing the Affidavit doesn’t eliminate the need to pay your taxes. If you couldn’t e-file your tax return, you’ll still need to mail it to the IRS and pay any taxes you owe.

New Android Malware Secretly Records Phone Calls and Steals Private Data

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed "Naver Defender."

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect device' location at every 10 seconds
  • collect a list of installed applications

How to Keep Your Smartphone Secure

Android users are advised to regularly cross-check apps installed on their devices to find and remove if any malicious/unknown/unnecessary app is there in the list without your knowledge or consent.

Such Android malware can be used to target your devices as well, so you if own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

  • Never install applications from 3rd-party stores.
  • Ensure that you have already opted for Google Play Protect.
  • Enable 'verify apps' feature from settings.
  • Keep "unknown sources" disabled while not using it.
  • Install anti-virus and security software from a well-known cybersecurity vendor.
  • Regularly back up your phone.
  • Always use an encryption application for protecting any sensitive information on your phone.
  • Never open documents that you are not expecting, even if it looks like it's from someone you know.
  • Protect your devices with pin or password lock so that nobody can gain unauthorized access to your device when remains unattended.
  • Keep your device always up-to-date with the latest security patches.

 

Going on Spring Break? Protect Your Smart Devices When Traveling

Whether it’s because we need to video chat with family members, share selfies or keep in touch with clients from work, most of us want to stay connected to the internet while traveling. However, being away from your home or work network also increases the risk of cybercrime. According to an Experian study, 33 percent of the 15 million Americans who have been victims of identity theft had their devices hacked while traveling, so it’s very important to protect connected devices before taking off and while on vacation.

Before Traveling

Many cases of cybercrime and identity theft can be prevented if you implement a few security measures before leaving. Some of these may sound a bit extreme, but keep in mind that things that may seem worthless to you are essential for hackers.

  • Update your operating system (OS) and apps. Most OS and app updates include security patches, so many sure you install them before leaving.
  • Check that you have your firewall and/or anti-virus software enabled and the virus definitions up to date.
  • Set up a start-up password or PIN for your device. Avoid simple passwords such as qwerty123 or password, because those are easy to break. Make your password a passphrase or sentence that’s at least 12 characters long, and change the settings so that a device is blocked after three unsuccessful attempts.
  • Activate the passcode, pattern or fingerprint scanner to unlock your phone.
  • Install a Find My Phone app and/or a remote wipe app so you can easily disable access in case it is lost or stolen.
  • Disable the Remember Me option from websites.
  • Revise your account passwords. If you’re using the same passwords for multiple sites, which you shouldn’t be doing anyway, change them. If you’re using your phone for banking, make sure you have strong, unique password.
  • Delete sensitive information from your device and store it on a remote hard drive at home. This includes personal photos, classified work documents, photo copies of your IDs, notes with bank account details or passwords – basically, any kind of information that you wouldn’t want a stranger to see.
  • Password-protect personal files and folders.
  • If you travel with both your laptop and your phone, enable strong authentication on those devices and the apps and websites you use.
  • Delete your cookies and disable autofill features.
  • Turn off location tracking and Bluetooth. Only turn on the GPS while using maps to find your way. Bluetooth drains your battery and could allow hackers to access your phone.

While Away

Once you’ve taken these security measures, the risk of being hacked while on vacation will be lower. However, some mistakes can still make your devices vulnerable; here are some online safety tips for while you’re on the go:

  • Disable Wi-Fi while you’re not using it so your phone doesn’t connect automatically to networks set up by hackers.
  • Avoid public Wi-Fi. Although using free public Wi-Fi seems convenient on vacation, it can come at a cost. Public unsecured networks are very vulnerable because any information transferred between your device and the computer you are accessing can be intercepted by anyone using the network. This includes everything from usernames and password to private personal data – even if the website you’re accessing has an https address. Security experts recommend not using free public Wi-Fi at all. If there’s an emergency and you need to use the internet, consider using a virtual private network (VPN) or your smartphone’s hotspot for a safer connection.

After Coming Back

You can’t always tell right away that you’ve been hacked. Sometimes, it takes days or even weeks for suspicious device behavior, so these are some final security tips for more peace of mind:

  • Check your activity log on social media to make sure there wasn’t any suspicious activity while traveling.
  • If you use your phone for payments, check your bank account statement for unauthorized purchases. If you see the smallest transaction that you don’t remember making, contact your bank right away.

Last, but not least, remember that a hacker doesn’t always need high-end tools and devices to gain access to someone’s phone or laptop, and they can easily rely on social engineering. Most attacks are caused by human error, so be careful who you trust while traveling to better manage your privacy.

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history.

Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable web addresses with their actual location on the internet, called IP addresses.

Since the default DNS services provided by ISPs are often slow and insecure, most people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8), to speed up their Internet.

But if you use Cloudflare new 1.1.1.1 DNS service, your computer/smartphone/tablet will start resolving domain names within a blazing-fast speed of 14.8 milliseconds—that's over 28% faster than others, like OpenDNS (20.6ms) and Google (34.7ms).

However, Cloudflare has changed this game with its new free DNS service, which it claims, will be "the Internet's fastest, privacy-first consumer DNS service," promising to prevent ISPs from easily tracking your web browsing history.
 

How to Change DNS Settings to Boost Internet Speed

For Macs:

  • Open System Preferences.
  • Search for DNS Servers and tap it.
  • Click the + button to add a DNS Server and enter 1.1.1.1 and 1.0.0.1 (for redundancy).
  • Click Ok and then Apply.

For Windows Computers:

  • Tap Start and then click on Control Panel.
  • Click on Network and Internet, and then tap Change Adapter Settings.
  • Right-click on the Wi-Fi network you are connected to, then click Properties.
  • Select Internet Protocol Version 4 and click Properties, and then write down any existing DNS server entries for future reference.
  • Now tap Use The Following DNS Server Addresses, and replace those addresses with the 1.1.1.1 DNS addresses: For IPv4: 1.1.1.1 and 1.0.0.1; and For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Click OK, then Close, and Restart your browser.

For Android Devices:

  • Connect to your preferred WiFi network.
  • Enter your router’s gateway IP address in your browser. Fill in your username and password, if asked.
  • In your router’s configuration page, locate the DNS server settings, and enter any existing DNS server entries for future reference.
  • Replace those addresses with the 1.1.1.1 DNS addresses: For IPv4: 1.1.1.1 and 1.0.0.1, and For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Save your settings, then restart your browser.

Note: Android requires a static IP to use custom DNS servers. This setup requires additional setup on your router, affecting your network’s strategy for adding new devices to the network. Cloudflare recommends configuring your router’s DNS instead, which gives all devices on your network the full speed and privacy benefits of 1.1.1.1 DNS.

For iOS Devices (iPhone/iPad):

  • From your iPhone's home screen, open Settings.
  • Open Wi-Fi and then your preferred network in the list.
  • Tap Configure DNS, and then click on Manual.
  • If there are any existing entries, tap the - button, and Delete next to each one.
  • Now, add 1.1.1.1 and 1.0.0.1 (as alternate DNS server for redundancy) to the DNS address.
  • Now, tap the Save button on the top right.

You’re all set to go! Your device now has faster, more private DNS servers.

How To Prevent Cloud Data Storage Risks

Have you ever lost a really important document on your computer? Or had a computer that simply failed to turn on one day, and you never saw your files again? Or dropped your phone in the toilet? If so, you aren’t alone. This very common problem is what prompted digital strategy consultant Ismail Jadun to found World Backup Day, “a day for people to learn about the increasing role of data in our lives and the importance of regular backups.”

According to World Backup Day, 30 percent of people have never backed up, 113 phones are lost or stolen every minute and 1 in 10 computers are infected with viruses each month – all very crucial reasons why backing up is of paramount importance to our increasingly digital lives.

There are two main ways for individuals to back up their digital information (which includes everything from your family photos to financial documents, music and emails): via an external drive or using cloud/internet solutions.

As of 2018, approximately 1.9 billion people are using cloud storage, a number that’s forecasted to grow to 2.3 billion in 2020. While cloud storage is a great solution, it’s important to acknowledge the risks of using the cloud for storing data and collaboration. The more aware of those risks you are, the better you’ll be able to avoid them.

Mitigating 3 Risks of Cloud Storage

Risk #1 – Cybercrime

By 2021, the damage caused by cybercrimes like data hacks and security breaches is projected to cost a total of $6 trillion annually, which will represent the greatest transfer of economic wealth in history…and will be more profitable than the global trade of all major illegal drugs combined.

When it comes to following data storage best practices, there is still nothing that can guarantee your information won’t get compromised. Knowing that, one of the most important things you can do is to catch it early. In other words, if you happen to fall victim to a data breach (of which the company may not even notify you of right away), you’ll likely notice unfamiliar activity on your financial statements or a sudden inexplicable change to your credit score.

What to do: Take steps to prevent criminals from stealing your data by seeking a data storage provider who offers high-quality encryption and uses end-to-end encryption when transmitting your data. Make sure the company doesn’t log data and has processes in place to keep staff away from consumer IDs.

Risk #2 – Data Ownership

Cloud storage is relatively new, and the U.S. government can sometimes take a while to catch up. Lawmakers have brought up the issue of whether or not storing your data online somehow affects your ownership of it, and it’s an issue that has yet to be firmly resolved.

What to do: A quality cloud storage provider will give you a contract which clearly states who owns the data you store. As tempting and easy to do as it is, do not gloss over the license agreement when you sign up for a service. Make sure you read and understand every term and condition.

Risk #3 — Outages

While very rare, there is always a chance that your cloud service could experience an outage at the hand of a cloud bug, which can completely shut service down and prove disastrous, meaning you could lose everything.

What to do: Thankfully, many top cloud storage services have built-in safety features, including doubling up your data. Look for these services plus companies who don’t have a history of outages.

Of course, the best backup plan includes multiple forms of backing up, given that there really is no one perfect solution. In this case, we recommend having a physical backup, such as an external USB hard drive, in addition to your cloud storage.