Go to:

June 2018
< May Jul >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

How Tax Time Can Be Worse
Tuesday, April 4, 2017 6:35 AM

Michael Salyer, IT Analyst, Credit Union Resources

We dread this time of year when we gather all our income statements and receipts to begin the dance of how much we owe Uncle Sam. Unfortunately, crooks also know that this time of year is ripe for fraud. With last-night tax filers already stressed, social engineers are hard at work. Per, “The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cybercrimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to”

Let’s go over a little about what social engineering is and how everyone must remain vigilant. Social engineering, in a nutshell, is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Basically, it’s non-technical hacking. Some information they’re looking for includes (but is not limited to):

  1. Full name
  2. Address / phone numbers (past and present)
  3. Date of birth
  4. Social security number
  5. Mother’s maiden name
  6. Children’s name
  7. Loan information
  8. Account numbers
  9. Passwords

Special attention should be paid to the bolded entries. SSN’s and account numbers are often used by credit union members as their online banking login. You may not always have control over this, but we urge you to work with your vendor to have the system use a unique login ID.

Another strong fraud prevention measure is use of strong passwords. If you’ve seen us mention this in blogs and presentations in the past, it just shows how vital this is. Instead of simply using a password, try a passphrase. Think of a simple phrase that’s easy for you memorize but would be hard for anyone else to guess. Take the first letter of each word to form your new password. You can alternate upper and lower case letters, as well as substitute numbers and special characters for additional security.

And finally, phishing. This is probably one of the most popular attempts at fraud. If you ever receive an email, especially from someone or somewhere you don’t recognize, NEVER click on the link or open an attachment. If it’s some kind of notice about a bill or an online account, open your browser and go directly to the site before entering any information. If you think you’ve received one, please follow the steps above and forward

Today more than ever, online safety and vigilance is essential. Besides following the safety tips listed above, it’s a good idea to subscribe to If you’ve ever heard about a virus outbreak or a software vulnerability on the nightly news, odds are US-CERT released a warning at least a week ago. Hopefully, this will help you have a merry tax season, won’t have to pay too much (“sorry kids, no vacation this year”), or receive a nice refund (new boat!).