Scam of the day – March 2, 2016 – Dangers to avoid when filing your income tax return electronically

Millions of Americans file their federal income tax returns electronically.  In fact, if your taxable income is less than $62,000 you are eligible to file your federal income tax return for free using the IRS Free File program.  Filing your income tax return electronically can be both safe and convenient if done properly, but it also can be risky as evidenced by a recent study by the Online Trust Alliance, a nonprofit Internet Security firm which found that six of the thirteen companies used in the IRS Free File program had significant security issues that included failures to properly encrypt data. Here is a link to the Online Trust Alliance report:


So what can you do to make your electronic filing more secure?  Here is a list of good practices to follow:

  1.  Install security software on your computer or other electronic device you are using to file your income tax return and keep the software updated with the latest security patches.
  2. Don’t file your income tax return using public Wifi.
  3. Don’t store your income tax return on your computer.  Store it in a separate USB thumb drive.
  4. Beware of phony emails purporting to come from the company you are using to file your taxes that ask you to confirm your account information and password.  Phishing emails that appear to be from TurboTax are presently circulating.  Never provide information in response to such emails.  If you think the email might be legitimate, contact the real company independently from the email and you will find that the initial email was a scam.
  5. Make sure that all communications regarding your income tax return are encrypted.
  6. Use dual factor authentication in addition to passwords such as one-time codes sent to your smartphone or fingerprints whenever possible.
  7. Use a unique password for your online income tax return.
  8. To make sure that the income tax website you are on is legitimate, look for the green trust indicator in your browser address bar which means that the website is legitimate and has an Extended Validation SSL Certificate, which is mandated by the IRS.

Scam of the day – February 27, 2016 – Dangers of public Wi-Fi

Recently, USA Today journalist Steven Petrow wrote about his using in-flight Wi-Fi to send emails while flying on an American Airlines flight. Upon landing, Petrow was approached by one of the other passengers who informed him that during the flight he had hacked into Petrow’s laptop as he had done to other passengers as well.  The hacker proved his assertion by recounting to Petrow the contents of the emails he sent and received. The lesson here is one that too many of us forget, namely that public Wi-Fi is not secure.  However, with some precautions it can be made safer.


Whatever electronic device you are using to connect to a Wi-Fi network, whether it is a computer, laptop, tablet or smartphone should be equipped with security software.  In addition, you should have encryption software so that your communications are encoded.  You also should go to your settings and turn off sharing.  In addition, you should make sure that your firewall is current and turned on.  Finally, and perhaps most importantly, you should consider using a Virtual Private Network (VPN) which enables you to send your communications through a separate and secure private network even while you are on a public network.  A good VPN that you can use for free is CyberGhost which you can get by clicking on this link.

Scam of the day – January 20, 2016 – Real estate home buying scam

Intricate email scams targeting people involved in the sales of residential real estate have increased over the past year both in the United States and the UK.  The scams begin with the hacking into the email accounts of one of the parties involved with a residential real estate conveyance.  This can be either the buyer, seller, lawyers, real estate agent or banker.  Unfortunately, hacking into email accounts is a relatively easy thing for a skilled identity thief to do.  They then monitor the communications regarding the progress of the sale of a particular piece of real estate and when the time is right,  generally posing as one of the lawyers or the bank mortgage officer, the scammer will email the buyer, telling him or her that funds necessary to complete the sale need to be wired to the phony lawyer’s or banker’s account provided in the email.  Everything appears normal so unsuspecting buyers too often are wiring the money to the cyberthieves who then move the funds from account to account to make it difficult to trace the funds.


Even if you are not involved in buying or selling a home, it is always a good idea to protect your email account from being hacked.  This means having a strong password and security question as well as changing your passwords on a regular basis.  You can find information about how to pick strong passwords and security questions here in the Scamicide archives as well as in my book “Identity Theft Alert.”  Maintain good anti-virus and anti-malware software on all of your electronic devices including your computer as well as your smartphone and keep your security software up to date with the latest security patches as soon as they are made available.  Don’t click on links in emails or text messages that may contain malware that can steal your personal information from your electronic devices and remember, your security software is always at least thirty days behind the latest malware.

Don’t use public wifi for any financial or business purposes.  Use a virtual private network to encrypt your data when using your electronic devices in public.  Never provide personal information in response to an email regardless of how legitimate it may appear until you have independently confirmed that the email is legitimate.  Finally, whenever you are asked through an email or text message to wire funds as a part of a real estate or other business transaction, don’t do so until you have confirmed that the request and the account to which you are being asked to wire the funds are legitimate.  Appearances can be deceiving so always confirm.

Scam of the day – August 4, 2014 – Instagram hacking threat

Instagram is a great app for sharing photographs and videos, however, it has recently been discovered that it can be easily hacked when it is used with public WiFi.  The core of the problem is that Instagram accounts do not communicate over an encrypted program.  An easy way to see if you are communicating by way of an encrypted program is to look at the web address and see if it starts with “https.”  If it starts with “http” without the “s,” your communication is not being encrypted and is not protected.  Hackers can obtain personal information such as your username, password and photos by hacking into public WiFi, which is easily done.  Perhaps the most disturbing part of the recent revelation that this security flaw exists is that  Facebook, the owner of Instagram has been aware of this problem for two years.  Facebook officials say that they are still working on moving to “https,” but frankly this process should not take this long.


Never communicate anything of importance online unless the data is encrypted.  Look for the “https” when communicating with any website with which you are sending personal information, particularly financial information such as a credit card.  You should avoid using Public WiFi for anything of a confidential nature since you cannot be sure if you are using the real Public WiFi or one that is set up by a hacker sitting close by who is capturing all of your data.  In addition, even if you are using the real Public WiFi, that system is easily hacked so, unless your communications are encrypted, you are in danger of identity theft.