Posts Tagged ‘security’

The following is a news alert that we received from Thomson Reuters/PPC, the tax research service to which we subscribe.  It is very disturbing, and all our clients and friends of the firm should be aware of it:

Consumers and Tax Professionals Targeted in IRS E-mail Schemes:  The IRS has seen an approximate 400% surge in phishing and malware incidents so far this tax season. The emails are designed to trick taxpayers into responding to official communications that lead to websites designed to imitate official looking websites. The sites ask for social security numbers and other personal information. The sites also carry malware which infect computers and allow criminals to access files or track keystrokes to gain information. “While more attention has focused on the continuing IRS phone scams, we are deeply worried this increase in email schemes threatens more taxpayers,” Koskinen said. Tax professionals also are reporting phishing schemes to obtain their online credentials. If a taxpayer receives an unsolicited email that appears to be from either the IRS e-services portal or an organization closely linked to the IRS, report it by sending it to phishing@irs.gov. IR-2016-28.

Rules of Thumb:

  • If the “IRS” or “Treasury Department” calls you threatening legal action against you for a tax issue of which you are unaware, hang up – IT IS A HOAX!  As we have pointed out in earlier blog posts, the IRS will never initiate action against you without following strict protocol and they will certainly not call you about something without corresponding with you in writing beforehand.
  • Similarly with e-mail – if an e-mail claims to be an official communication, don’t believe it.  Actually, try not to open it to avoid malware issues.  The bottom line is, the IRS does not use e-mail for “official communication.”[1]  However, if you have a doubt about the authenticity of an e-mail, you can call the IRS at the appropriate number (found at:  https://www.irs.gov/uac/Telephone-Assistance) and speak with them about it.  And, of course, consider reporting the incident as indicated above.

The Internet is a wonderful thing, but with the good comes the bad, and the ability to defraud uninformed taxpayers is right up there with the bad.  Don’t let these geeky, tech-savvy criminals take a bite out of you.

[1] If you are already under examination and working with an agent, s/he may use e-mail to communicate with you, but you will already know who s/he is.  In any event, the communication will not be “official.”

Read Full Post »

Have you ever broken all the rules and written down your login credentials for your various accounts?  I’m talking about the keys to the kingdom here:  name of institution, account number, user ID and password?  They tell us not to do this but boy, I have a hard enough time remembering my login information for the company network, let alone about 40 other sets of such data!

But why am I complaining – it’s easy, right?  Take it from our own IT guru, Jim Bourke:

When selecting a password, please select passwords that are complex, but still easy for YOU to remember without the need to store the password.

For example….


How do I remember this?

JJ – Represents my first initial and that of my wife

ebk – First initials for my children. They are in lower case because they are my children!

? – Because we are still asking ourselves why we decided to have 3 kids

311 – Because it is Mickey Mantle’s rookie card and the only Topps baseball card that I do not own

198b – Because I started at WSB in 1986 but I changed the “6” to a “b” just to make it a little more complex

The above password is not a super complex password, but it is a password that is more secure than one which you would otherwise create. On another note, it is not my password, but it is one that only I could easily remember!

Really?  Maybe the password itself is not super complex, but the algorithm for getting there – oy, why can’t I just use my home phone number as a password?

All kidding aside, data protection is critical.  People pay good money to find ways to protect their data from hackers yet the hackers always still seem to be one step ahead of us.  Sometimes, without thinking, we expose ourselves when using unprotected wireless networks to interface with what should be secure data.  On the other end of the spectrum, widespread data breaches in the corporate and government sector make us worry about not if, but when our identities are stolen and how we will cope.  And, none of it shows any sign of letting up.

But, let’s bring it down to a personal level – what if something did happen to you?  Identity theft and other shenanigans aside, how would your family deal with numerous financial accounts, bill paying services, and the other conveniences of the modern digital life?  And then there is the seemingly frivolous, but really not so frivolous side of all of this – social media accounts, photo sharing services and e-mail.

Granted, there’s always “an app for that” but, if you use one of these software solutions to store your login credentials, be certain that the data is truly secure – you do not want to unwittingly give access to just any virtual provider who comes along.  Of course, keeping a written list is discouraged (don’t write it down!) because physical lists often get into the wrong hands.  However, if you decide to break this cardinal rule, be sure to keep the list under lock and key or in the hands of a VERY trusted advisor.  Whatever system you use, be sure to update for changes on a regular basis.

Ironically, much of this comes down to mere convenience.  You should, of course, have up-to-date wills, powers of attorney, health care proxies and living wills which, while authoritative, are not necessarily convenient.  Having the bank account password may make your family’s life easier if something were to happen to you, but the appropriate documents will enable them to eventually and legally gain full access.

Not so much with social media – the laws are a bit murkier here and providers are erring on the side of personal privacy, which makes it difficult if not impossible to gain access to someone’s Facebook or Google account, even after death.  It’s ironic, but if you want your family to be able to access these accounts, you may have to break the rule yet again and share your credentials with them.

Welcome to the 21st century!  The existence of such digital assets adds yet another wrinkle that bears discussion with competent counsel when engaging in estate and contingency planning.

Read Full Post »