IRS: Scam Blends CEO Fraud, W-2 Phishing



  • Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.

    athookThe IRS said phishers are off to a much earlier start this year than in tax years past, trying to siphon W-2 data that can be used to file fraudulent refund requests on behalf of taxpayers. The agency warned that thieves also appear to be targeting a wider range of organizations in these W-2 phishing schemes, including school districts, healthcare organizations, chain restaurants, temporary staffing agencies, tribal organizations and nonprofits.

    Perhaps because they are already impersonating the boss, the W-2 phishers feel like they’re leaving money on the table if they don’t also try to loot the victim organization’s treasury: According to the IRS, W-2 phishers very often now follow up with an “executive” email to the payroll or comptroller requesting that a wire transfer be made to a certain account.

    “This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.”

    The Federal Bureau of Investigation (FBI) has been keeping a running tally of the financial devastation visited on companies via CEO fraud scams. In June 2016, the FBI estimated that crooks had stolen nearly $3.1 billion from more than 22,000 victims of these wire fraud schemes.

    First surfacing in February 2016, the W-2 phishing scams also have netted thieves plenty of victims. At one point last year I was hearing from almost one new W-2 phishing victim each day. Some of the more prominent companies victimized by W-2 scams last year included Seagate Technology, Moneytree, Sprouts Farmer’s Market, and EWTN Global Catholic Network.

    As noted earlier this week, scammers also are now selling 2016 employee W-2 forms that were phished or otherwise stolen from victim organizations, peddling individual W-2 tax records for between $4 and $20 apiece.

    Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

    The IRS says organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the FBI.

    Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft. Employees should file a Form 14039 (PDF) Identity Theft Affidavit, if the employee’s own tax return rejects because of a duplicate Social Security number or if instructed to do so by the IRS.

    W-2 forms are prized by ID thieves because they feature virtually all of the data needed to file a fraudulent tax refund request with the IRS in a victim’s name, including the employer name, employer ID, address, taxpayer address, Social Security number and information about 2016 wages and taxes withheld.

    According to recent stats from the Federal Trade Commission, tax refund fraud was responsible for a nearly 50 percent increase in consumer identity theft complaints in 2015. The best way to avoid becoming a victim of tax refund fraud is to file your taxes before the fraudsters can.

    The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and to establish other communication channels — such as telephone calls — to verify significant banking transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating CEO fraud schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

    https://krebsonsecurity.com/2017/02/irs-scam-blends-ceo-fraud-w-2-phishing/


Log in to reply
 



Tmux Commands

screen and tmux

A comparison of the features (or more-so just a table of notes for accessing some of those features) for GNU screen and BSD-licensed tmux.

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is no where near a full feature-set of either group. This - being a cheat-sheet - is just to point out the most very basic features to get you on the road.

Trust the developers and manpage writers more than me. This document is originally from 2009 when tmux was still new - since then both of these programs have had many updates and features added (not all of which have been dutifully noted here).

Action tmux screen
start a new session tmux OR
tmux new OR
tmux new-session
screen
re-attach a detached session tmux attach OR
tmux attach-session
screen-r
re-attach an attached session (detaching it from elsewhere) tmux attach -d OR
tmux attach-session -d
screen -dr
re-attach an attached session (keeping it attached elsewhere) tmux attach OR
tmux attach-session
screen -x
detach from currently attached session ^b d OR
^b :detach
^a ^d OR
^a :detach
rename-window to newname ^b , <newname> OR
^b :rename-window <newn>
^a A <newname>
list windows ^b w ^a w
list windows in chooseable menu ^a "
go to window # ^b # ^a #
go to last-active window ^b l ^a ^a
go to next window ^b n ^a n
go to previous window ^b p ^a p
see keybindings ^b ? ^a ?
list sessions ^b s OR
tmux ls OR
tmux list-sessions
screen -ls
toggle visual bell ^a ^g
create another window ^b c ^a c
exit current shell/window ^d ^d
split window/pane horizontally ^b " ^a S
split window/pane vertically ^b % ^a |
switch to other pane ^b o ^a <tab>
kill the current pane ^b x OR (logout/^D)
collapse the current pane/split (but leave processes running) ^a X
cycle location of panes ^b ^o
swap current pane with previous ^b {
swap current pane with next ^b }
show time ^b t
show numeric values of panes ^b q
toggle zoom-state of current pane (maximize/return current pane) ^b z
break the current pane out of its window (to form new window) ^b !
re-arrange current panels within same window (different layouts) ^b [space]
Kill the current window (and all panes within) ^b killw [target-window]
  • Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

    https://threatpost.com/new-phishing-scam-reels-in-netflix-users-to-tls-certified-sites/132976/

    read more
  • A new botnet from the Dark Web displays a never-before-seen level of complexity in terms of the sheer breadth of its various tools.

    https://threatpost.com/mylobot-botnet-emerges-with-rare-level-of-complexity/132967/

    read more
});