CyberheistNews Vol 7 #36   |   Sept. 11th, 2017

Scam of the Week: Equifax Phishing Attacks

You already know that a whopping 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes confidential information like social security numbers, full names, addresses, birth dates, and even driver’s licenses and credit card numbers for some.

It can be the difference between being able to buy a house or sometimes even get a job or not. This breach and the way they handled it, including the announcement, was what Brian Krebs rightfully called a dumpster fire.

The problem is that with this much personal information in the hands of the bad guys, highly targeted spear phishing attacks can be expected, and a variety of other related crime like full-on identity theft on a much larger scale.

These records are first going to be sold on the dark web to organized crime for premium prices, for immediate exploitation, sometimes by local gangs on the street. Shame on Equifax for this epic fail. They will be sued for billions of dollars for this web-app vulnerability.

So this Scam of the Week covers what is inevitable in the near future. We have not seen actual Equifax phishing attacks at this point, but you can expect them in the coming days and weeks because the bad guys are going to take their most efficient way to leverage this data… email.

I suggest you send the following to your employees, friends, and family. You’re welcome to copy, paste, and/or edit:

“Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised
  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
  • Calls from scammers that claim they are from your bank or credit union
  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First, sign up for credit monitoring (there are many companies providing that service, including Equifax, but we cannot recommend that)
  • Next, freeze your credit files at the three major credit bureaus: Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/
  • Check your credit reports via the free annualcreditreport.com
  • Check your bank and credit card statements for any unauthorized activity
  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identity-theft issues. All of the center’s services are free.

And as always, Think Before You Click!”

It’s only early days in this hack, and there will be a lot more information coming out in the days ahead. We will keep you updated when more news is available.

Let’s stay safe out there!

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.


Below are a few security tips to help protect your Company from online fraud.

· It is highly suggested that the Company’s Primary user have separate logins: one for conducting Cash Management transactions and another for administering the Cash Management program. That way, if the Company Administrator’s transaction credentials are compromised, fraudsters would not have access to all controls, including creating sub users to allow access for approving transactions.

· The Company should allow only one designated machine in the office for conducting Cash Management transactions. This machine should not be allowed to be used to surf the internet, check email, etc.

· The Primary user should use a dedicated machine which should be physically secured and password protected.

· The computer used for Cash Management should be physically secured, behind a physical firewall, and be placed on its own subnet (logical partitioning) if possible.

· Security patches should be applied to the machine and kept up to date.

· Anti-virus, anti-spyware and anti-malware software should be installed on the computer and kept up to date.

· Close all other applications and browser windows before initiating Cash Management.

· Do not share any passwords.

· Create strong internal controls.

· Delete inactive or terminated users.

Newsletter: EPCOR Inside Origination October 2017


It’s tax time again!  Here are a few tips to keep in mind when you are filing this year.  These may not apply to everyone, and we highly recommend you consult your accountant or tax professional to make sure your return is filled out properly and that you will receive the maximum refund available to you.

1. Retirement plan contributions

If you have a 401(k) through your employer, be sure you are contributing the maximum amount allowed, especially if your company will match all or a portion of your contribution.  Not only will this benefit you in your retirement, but the funds are tax-deferred, and will increase without being taxed.  Check with your employer to see what their policy is on matching your contribution, if you don’t already know.

If your company does not offer a 401(k), or you are self-employed, then another option is an Individual Retirement Account through your financial institution.  The two main types of IRAs are Traditional and Roth.  Traditional IRAs could offer a tax deduction for the year the contribution is made, but both will earn interest that is tax deferred.  Check with your accountant on which would be the best option for you, and to work out the best plan for utilizing one of these accounts.

2. Check your withholding

The IRS legally has to hold all funds on returns that claim the earned income tax credit or additional child tax credit until February 15th.  This was put in place to give the IRS time to detect and prevent tax fraud.  So check your W-4 and see if you would like to adjust your withholding amount.

3. EITC

If you earned less than $53,505 in 2016 then you can claim the earned income tax credit on your return.  The IRS has the EITC Assistant tool to help you determine if you qualify for the tax credit.  Don’t miss out on money that is yours!

4. Identity Protection PIN

The IRS now uses an Identity Protection PIN, or IP PIN, that you must provide on your tax return every year.  They enacted this to try to battle identity theft and tax fraud.  The PIN changes EVERY YEAR!  To retrieve your PIN you must go to www.irs.gov.

5. Donate without being penalized

The annual exclusion for gifts for 2016 is $14,000 if you are filing single, and $28,000 if you are married.  If you gave over this amount you must fill out a Form 709 to report it on your tax return.  This amount changes from time to time, so be sure you check each year to make sure there have not been any changes.  If you received a gift under this amount you do not have to do anything!