Tuesday, December 17, 2019

Protection via Encryption

 Sometimes you wish to protect data on your compute devices by more than permissions and ownership. Encryption may be the method chosen.

 BE AWARE: encryption is a double-edged sword. If you lose or forget the key, you will face the same barrier to your own data that you set up to thwart others.

 So, what are some options?

 Security by obscurity. Give the file a benign name. Change the extension to prevent the default application from opening it.
e.g. rename resume.doc to squash recipe

For Windows and MacOS you can adjust permissions on files and folders so others cannot read or modify those files and folders. There are many ways to overcome such settings. This gives slightly more protection for the intended data than obscurity.

You can also "hide" files and folders so others will need to expend more effort to "find" the hidden data. 
Windows: attrib +h +s path\filename 
MacOS:  chflags hidden path/filename
Linux: add a leading dot "." to the filename

You can encrypt documents/spreadsheets/presentations and other data in most office suites. Select the desired document and use the office suite utilities to encrypt and decrypt the desired data. 
AGAIN, if you lose control of the encryption key or passphrase you will lose access to the data you are intending to protect. Also, the encryption used by most office suites is more easily broken by tools on the Internet.

You can purchase external media that has encryption capabilities. 
Size, connection methods, encryption strength, capabilities, and other factors will influence that purchase. 

Biometrics for encryption key control is also a double-edged sword. Fingerprint readers guard better against loss of encryption key control, but not if you lose that finger or you need to have the data passed to an heir or spouse.

Full disk encryption can protect a drive on the compute platform you want to protect via encryption. If your platform is stolen or you lose physical control then the drive will need the encryption key or passphrase to access the data.

A more controlled approach is to use encryption applications or utilities to provide protection via encryption.

TrueCrypt was the popular encryption app for many years. Open source, flexible, dependable, free. VeraCrypt is the current fork of the TrueCrypt utility. 

Other encryption utility offerings include DiskCryptor, Cryptainer LE, and Challenger.

Users' needs vary. One should determine their needs and use the above and other options to fit those needs. If your needs change, revisit the options available at that time.

These methods offer a level of data protection. As with most things, you need to protect the protections.







Monday, December 16, 2019

TAILS

The Amnesic Incognito Live System (TAILS) is a live system (booted from USB, DVD or similar) that runs on an existing personal computer system with an x86-64 architecture, which covers most of the later PCs and Macs.
 The latest release as of this post is version 4.1 released December 3, 2019.

 Since TAILS is a "live" system, it cannot and does not write or use the booted system's disk drives. It will and does use the other components of a system: the network, keyboard, display, mouse, etc.

TAILS is designed to be security focused to help preserve privacy and anonymity. How secure, private, and anonymous is TAILS?
Edward Snowden used TAILS.

 It has been mentioned the more secure way to do online banking, financial tracking, and online shopping is to use a Linux based machine with a USB tether cord to a cell phone with Wi-Fi and Bluetooth radios disabled. This will use the cellular network for network access.

 Your computer experience will be slower when using TAILS. The system is then using a slow USB disk drive and filtering a LOT during any network activity. Using TAILS should be safer, not safe. If you provide your credentials to a rogue WEB site, no amount of security, anonymity, or privacy will prevent those actions.

      DO NOT DO ITEMS LIKE THIS!!



 Before the version 4.1 release, building and deploying a TAILS distribution on bootable USB or DVD required multiple media and steps to build the final TAILS system. The reason: the build environment needed to be secure in order to build the more secure TAILS system. Building TAILS is a simpler process now. If you wish to try TAILS I can provide a ready-built TAILS USB.

 TAILS is a Debian-based Linux distribution using Tor networking and the Tor browser for privacy and anonymity. Tor (The onion router) uses many routers across the Internet with encryption at each of the many points between the sending and receiving nodes on the network. The Tor browser uses DuckDuckGo as a search engine and Tor for networking. The Tor browser also has HTTPS Everywhere for transparent encryption, NoScript for JavaScript control, and uBlock Origin for advertisement control.

 TAILS has many other utilities, features, and settings to make it more useful than just a more secure browsing platform. 
A virtual keyboard to prevent key loggers, LibreOffice suite, a digital wallet, and many more.

To use TAILS you need a machine on which you can enable booting from a USB or CD/DVD drive. Some systems provide a boot block to prevent booting from removable media as a security measure. A search engine may provide the method to enable booting from removable media.

Once you have the ability to select USB or desired media you should see a screen similar to: 

Use the ENTER key or wait for the countdown.
I have found it best to wait until the TAILS system is up and functional before adding the smart phone USB tether cable with Wi-Fi and Bluetooth disabled. Using a USB HUB if your system has only one USB port may not work.

Next 
I recommend using the + button to set an Administrator password.
Then use the Start Tails button to get the desktop, select the Tor browser, then visit the WEB site(s) where you want added security, anonymity, and privacy.

Wednesday, November 27, 2019

Windows 10 S mode

 Some new PC purchases may be delivered with Windows 10 S mode installed.
 Typing winver in the search box will show a popup window similar to:



I think Microsoft called it Windows S for school or student when this version or build was first introduced. The intent was to have a build/configuration for educational environments.
 They later changed the name to S and made the offering a mode of Windows Home.

 For offering in educational environments the changes from other Windows builds include:
Inability to install programs/applications from the Internet; only applications from the Microsoft Store.
Quick and easy reload from a USB stick or local network
Limit the browser and search capability to Edge and Bing with some controls.
Reduce normal power requirements to extend battery life per session
Run on less powerful hardware

At first the Windows S offering cost less, and users could upgrade to Home or Pro editions for a fee.
At the time of this article users can choose to disable S mode, one time. If switching from S mode the ability to revert is limited.

Some may desire the features of S mode. If so, you can do a clean install of Windows 10 in S mode.
Some may desire to disable S mode on their devices.
Details on those actions are available on Internet articles.


Friday, November 22, 2019

FAKE update/upgrade notices are on the increase

 There have been many recent attempts to get users to update/upgrade any and all products, applications, operating systems, etc.
 For your and our safety and security use the vendor's update/upgrade mechanisms, NOT notices via email, pop-ups, news articles, web sites, web windows, etc.
 Recent malware campaigns use email notifications to update Windows 10, Adobe Flash, and others.
 Use Windows Update application to check and apply update/upgrades.

Thursday, November 14, 2019

Windows 10 Feature Update (1909) AND Second Tuesday Patch Release

 Another second Tuesday of the month, a windows 1 SIG meeting, and Microsoft patch release for schedule A.
 The November 2019 feature update is available. In my case I found it available after the patch set had been applied.
 The patch set covers 74 vulnerabilities with 15 rated critical. The patch set took the normal amount of time to apply.
 The feature update was very quick to apply, and quick to implement after the restart.

 This feature set is said to be for stability and performance with few significant new features.
 I will cover the features in the next Windows SIG meeting.

Tuesday, October 15, 2019

Apple updates October 15, 2019

 I have been running MacOS Catalina beta for a few months. Just before public release I was getting several updates a week. A supplemental update for the public release of Catalina was issued today.
 AND iOS 13.1.3 for iPhone and iPadOS 13.1.3 for iPad.

Thursday, October 10, 2019

Cybersecurity and Infrastructure Security Agency (CISA) releases article on Avoiding Social Engineering and Phishing Attacks

https://www.us-cert.gov/ncas/tips/ST04-014


Security Tip (ST04-014)

Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as
  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

What is a vishing attack?

Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.

What is a smishing attack?

Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity. 

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don't send sensitive information over the internet before checking a website's security. (See Protecting Your Privacy for more information.)
  • Pay attention to the Uniform Resource Locator (URL) of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group. (See the APWG eCrime Research Papers).
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information.)
  • Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

Authors

Cybersecurity and Infrastructure Security Agency (CISA)

Friday, October 4, 2019

hosts file helpful harmful

 A question came up recently concerning how to block an Internet domain name.
Microsoft in this case, but if you have a domain you would like to block, the following is one way.

Windows uses three (3) methods for name lookup.
hosts file: the file name is consistent, the location varies for different versions
NetBIOS: deprecated usage
DNS: Domain Name System

Name resolution goes in that order: hosts file, NetBIOS, then DNS.
DNS has an order as well: the local machine, then up the routing infrastructure until the name is found or the name request times out.

CAUTION: Take backup, lotsa backups before attempting and triple check your work at each step!

For Windows 10 the hosts file is C:\Windows\System32\drivers\etc\hosts

NOT FOR the faint of heart!

Invoke Notepad: type notepad in the search box, right-click the Notepad executable, then select Run as Administrator.

IF YOU DO NOT GET A WARNING AND THE PROMPT TO SUPPLY ADMINISTRATOR PASSPHRASE, see the Cyber blog about Administrator rights and privileges.






Change the "Text Documents" to "All Files"



Perhaps your desired result will be similar to:




The star (*) before the .microsoft indicates all sub-domains.
The IP address and domain name need to be separated by white space. I typically use a TAB and a SPACE.

After the desired edit, use File and Save to complete the edit. I recommend having an original copy saved in the same directory/folder named hosts.original or similar.

Check for the desired effect. Microsoft.com blocked? The 127.0.0.1 is the IP address of the local machine, your PC.

As a safety/security measure consider removing Modify and Write permissions.



 This is an extreme measure, NOT for the faint of heart.

HOWEVER, I have mentioned before: almost anything can be helpful and harmful.
Some malware works by adding a domain they want blocked to the hosts file. Even worse, they change a valid and oft used domain to an IP address they control.
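
The two kinds of tampering described above (a domain blocked, or a domain pointed at a foreign address) can be checked for by comparing the live hosts file with the saved hosts.original copy. This is an added example, not part of the original post; the file contents, host names and addresses are constructed samples.

```python
import ipaddress

# Constructed sample: the untouched copy saved as hosts.original.
HOSTS_ORIGINAL = """\
127.0.0.1    localhost
::1          localhost
127.0.0.1 \t ads.example     # block the owner added on purpose
"""

# Constructed sample: the live hosts file after something else edited it.
HOSTS_CURRENT = """\
127.0.0.1    localhost
::1          localhost
127.0.0.1 \t ads.example
0.0.0.0      update.av-vendor.example
203.0.113.50 www.bank.example bank.example   # address from a documentation range
# 198.51.100.7 disabled.example
not-an-ip    broken.example
"""


def parse_hosts(text):
    """Return a list of (hostname, ip) pairs for every active entry."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()                 # any run of tabs/spaces separates fields
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several names
            pairs.append((name.lower(), ip))
    return pairs


def classify(ip):
    """'blocked' if the name is sent to the local machine, else 'redirected'."""
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit(current_text, original_text):
    """List entries present in the live file but absent from hosts.original."""
    known = set(parse_hosts(original_text))
    findings = []
    for name, ip in parse_hosts(current_text):
        if (name, ip) not in known:
            findings.append((name, str(ip), classify(ip)))
    return findings


if __name__ == "__main__":
    for name, ip, kind in audit(HOSTS_CURRENT, HOSTS_ORIGINAL):
        print(f"{kind:10} {name} -> {ip}")
```

A "redirected" finding deserves the closest look, since traffic for that name goes to whatever machine holds the listed address.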


Thursday, October 3, 2019

yet another Microsoft 10 Build 1903 Out-of-Band emergency update

 A rare out-of-band emergency update for Microsoft Windows 10 build 1903 was released September 23. "Seekers", those who check Windows Update often, had the ability to obtain and apply the update.
 After the cyber security SIG meeting today, our return home saw yet another out-of-band emergency update.
The update is for Internet Explorer. Though you may not use Internet Explorer in favour of other browsers, other apps and malware designed to take advantage of this flaw can and will use Internet Explorer.
 It is important to reboot/restart systems after these two emergency updates even though the update process does not by default.

Wednesday, October 2, 2019

Apple Reminders


 The iOS 13 and iPadOS upgrades bring a big problem. The Reminders app may and probably will lose older reminders. "Older" not in the traditional sense: these are reminders created or edited with previous versions of the Apple Reminders app!

Sunday, September 29, 2019

Patching patching patching

 Microsoft released an emergency patch yesterday. Rare for Microsoft to do an out-of-band patch.
Department of Homeland Security issued a bulletin about this patch. Most of the reports are concerning exploits in Internet Explorer. You may think you don't use Internet Explorer, having moved on to Edge, Chrome, Firefox, Opera, Brave, Tor, or others.
 BUT malware can invoke Internet Explorer on your system to visit malware sites.
 BUT other critical Windows components are also patched.
 Might consider getting and applying these: KB4522738 KB4517211 on Windows 1903.

 Apple released iOS 13, then iOS 13.1, then iOS 13.1.1  all very recently. Again related to security.
iPadOS was supposed to release version 13.0 tomorrow. I found I could update to iPadOS 13.1.1 yesterday.
And now 13.1.2

 And Firefox patched

 And Chromium Edge

Friday, September 20, 2019

iOS 13 & Bluetooth

 Bluetooth, Wi-Fi, cellular, Zigbee, etc. are radio. Radio. Information within these radio protocols may be encrypted, but the sender and the target still have to be heard over the air, with limited or no encryption.
 iOS 13 has a "Find My" feature, a merge of the "Find My iPhone" and "Find My Friends" applications with additional functions and features.
 After the iOS 13 update, some of your apps may start asking permission to use Bluetooth. Apple now requires apps to ask permission to use Bluetooth.
 The "Find My" can and does use Bluetooth to find your devices. Other apps use Bluetooth with good reason. A fitness tracker, external speakers, etc.
 A caution for other apps seeking Bluetooth permissions. Think tracking. A restaurant chain app seeking Bluetooth permissions may use the function on your smart device to track you and target your location for ads.
 Most of today's information has helpful and harmful capabilities. Consider the potential of both when considering granting Bluetooth permissions.

Windows 10 Update causing Problem(s) yet again

 The fix to Windows Defender in Windows 10 fixed the problem it was to address (a signature file causing user-triggered file system checks to abort) BUT the fix then caused user-initiated file system checks to fail at a random time in the check. Users affected would note a less than thorough file system check.
 The fix will be fixed, yours may be fixed already.
 A recurring question about Windows Defender signature updates has been: how do I manually check for, then download and apply, the signature updates?
 This post will detail that process.

 Use the Search box  Virus and Threat Protections 



Virus and Threat Settings


The response




IF YOU ARE USING A SECURITY SUITE AND ITS SCANNING METHOD, YOU CAN ADD THE WINDOWS DEFENDER FILE SCANNING FOR DEFENSE IN DEPTH.

Monday, September 9, 2019

DNS want more speed, security, privacy?

 For every site you visit on the Internet, your device must supply an Internet address. This is done with the Domain Name System (DNS). Most WEB pages contain many individual pages to fill the page you requested. Each of those pages requires an Internet address, and each address requires a DNS service to translate a name to that Internet address. Time is cumulative. Microseconds add up to be seconds.
Using a faster DNS server should make your device load pages faster.
 The DNS server logs every name to Internet address lookup. Thus even with browsers in private mode, the DNS server can track your traffic on the Internet.
 If the DNS server is provided by a company that sells those logs, your privacy is affected.

 Using a DNS server that is faster and does not share the name lookup logs might be a better choice.
For more security a DNS service provider can block access to known bad sites. Blocking bad sites is important for both forward and reverse lookups: it covers them getting to you, you getting to them, and malware calling home.

 Suddenlink provides this DNS service by default. Some users changed to Google's DNS server for increased speed and reliability.

 Recent DNS offerings from Cloudflare and Quad9 offer faster and more secure DNS. Bad sites will be blocked before any attempts to load traffic from those sites.
Your devices use the closest DNS server. Your device will use a home router or wireless access point to do the DNS name lookup if no DNS server is set up. If no DNS service is defined in the router, the Suddenlink DNS server is used.

 DNS servers must be configured with the Internet address, otherwise there would be no method to lookup the name of a DNS server.
Quad9 has an IPv4 address of 9.9.9.9 and a secondary address of 149.112.112.10
Cloudflare has an IPv4 address of 1.1.1.1 and a secondary address of 1.0.0.1
If your device supports IPv6:
Quad9 has an IPv6 address of 2620:fe::fe and a secondary address of 2620:fe::9
Cloudflare has an IPv6 address of 2606:4700:4700::1111 and a secondary address of 2606:4700:4700::1001

For your home router or wireless access point consult the manual provided with the device or the vendor's support site for how to view and change the DNS server. YouTube or the Internet may provide more detailed setup settings for your home router and/or wireless access points.
An example for a Linksys wireless access point


 Windows
For most Microsoft Windows systems Click the network Icon on the right hand of the task bar.
Yours may be elsewhere on the screen.

IMPORTANT: You should set DNS and other settings for any and all network adapters!

For each adapter choose Change adapter options:


The list of currently known network adapters. Detail view





Choosing Ethernet:
Now choose Properties

Note: At this point you should get a User Access Control (UAC) window popup since you should NOT be running as Administrator. Please see the Administrator post for details and clarification.

First do IPv4





In the above case the Cloudflare primary DNS server is tried first, then the Quad9 primary, then the secondary Google DNS server. You should choose the DNS server hierarchy to best suit your individual requirements.

Doing a similar setup for IPv6


Be sure to use Apply for the changed settings to take effect. Check the settings on occasion AND after major releases.

If you get a DNS name lookup block or a site will not load due to a DNS name lookup block, use care before circumventing that DNS name lookup block.

MacOS
 Again, better to set up DNS for both IPv4 and IPv6
From Start or Apple icon, System Preferences -> Network -> DNS




Linux & UNIX
  edit  /etc/resolv.conf

Smart Phones

 Both Google Play Store for Android and the Apple Store for iPhone have a 1.1.1.1 Cloudflare app.


The 1.1.1.1 app has advantages: It will use a Virtual Private Network (VPN), can be quickly switched on and off, and has been shown to be the fastest name lookup at the time of this post.


Android
 Depending on your provider you may or may not have control of your Android for cellular DNS.

For Wi-Fi
Settings -> Wi-Fi
Hold the network you wish to modify for DNS





YOUR screens may be different. Check your Android and manufacturer's site for your model.

iPhone

Settings -> Wi-Fi
Click on the Information circle for the network name you wish to change DNS server information.





Note, Save, then delete old DNS server IP addresses.
Click Add Server


Add entries for your choices for faster, more private, and safer DNS servers



You can consider adding the previous DNS server listed in settings at the bottom of the list of DNS servers.


Efforts have been made to check the accuracy of the information provided.
After any configuration change, test the functions for the desired behaviour. Check the SAVE buttons.
I suggest checking the settings after major updates, upgrades, or patching.
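
The periodic settings check suggested above, shown for the Linux /etc/resolv.conf case as an added example (not code from the original post): it compares the configured nameserver lines with the Quad9 and Cloudflare addresses listed in this post. The sample file content and the status labels are constructed for illustration.

```python
import ipaddress

# Resolver addresses exactly as listed in this post.
LISTED = {
    "9.9.9.9": "Quad9", "149.112.112.10": "Quad9",
    "2620:fe::fe": "Quad9", "2620:fe::9": "Quad9",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "2606:4700:4700::1111": "Cloudflare", "2606:4700:4700::1001": "Cloudflare",
}
# Normalise the keys so any spelling of an IPv6 address compares equal.
EXPECTED = {ipaddress.ip_address(a): who for a, who in LISTED.items()}

# Home-network ranges: a router or access point that forwards DNS for you.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "fc00::/7", "fe80::/10")]

MAX_NAMESERVERS = 3  # glibc's resolver reads at most three nameserver lines

# Constructed sample of /etc/resolv.conf content.
SAMPLE = """\
# constructed sample
search home.example
nameserver 1.1.1.1
nameserver 2620:fe:0:0:0:0:0:fe
nameserver 203.0.113.53
nameserver 192.168.1.1
; nameserver 9.9.9.9
options edns0
"""


def check_resolv_conf(text):
    """Return (address, status, provider) for each nameserver line."""
    results, position = [], 0
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue                      # comments, search, options, blanks
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            ip = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            results.append((fields[1], "invalid", ""))
            continue
        position += 1
        if position > MAX_NAMESERVERS:
            status, who = "ignored", ""   # listed, but never queried
        elif ip in EXPECTED:
            status, who = "expected", EXPECTED[ip]
        elif ip.is_loopback:
            # e.g. systemd-resolved's 127.0.0.53; the real upstream
            # servers are configured elsewhere and need their own check.
            status, who = "local-stub", ""
        elif any(ip in net for net in LOCAL_NETS):
            status, who = "router", ""    # check the router's DNS setting too
        else:
            status, who = "unexpected", ""
        results.append((str(ip), status, who))
    return results


def needs_attention(results):
    """Addresses that were not chosen by the owner or could not be parsed."""
    return [addr for addr, status, _ in results
            if status in ("unexpected", "invalid")]


if __name__ == "__main__":
    for addr, status, who in check_resolv_conf(SAMPLE):
        print(f"{status:11} {addr} {who}")
```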

Wednesday, August 14, 2019

Microsoft Patch Tuesday 13-Aug-2019

 Warnings after the release of details of Microsoft patch Tuesday for August 13. 

Your Windows 10 may not apply the patch set if you have certain anti-virus installations which have yet to add support for SHA-2.
Norton and Symantec being the first two.

94 vulnerabilities patched, 29 Critical. At least 2 "wormable" 
A site to provide more details on each patch cycle release:

https://patchtuesdaydashboard.com/


Thursday, May 30, 2019

That makes two (and counting?) Another Windows 10 1903 Cumulative update released 29-May-2019

 If you have updated to Windows 10 Feature update May 2019 you should check Windows Update for Cumulative update KB4497935.



If you are wondering why your machine has not yet been offered the Feature Update May 2019, it may be you have a USB or SD card attached. Some users were getting their system drive switched to A:, which is not good.

Friday, May 24, 2019

Sunday, May 19, 2019

Windows Update issues yet again

 May 14 saw another Patch Tuesday update released.
 79 vulnerabilities addressed, 23 critical, 2 active in-the-wild and an Adobe patch for Edge.

 After the QC, and release to users - a problem has been found.

 The problem occurs when users wish to use an explicit restore point taken before applying the May 14 update. As mentioned the May 14 update is recommended due to the number and nature of the patches applied.

 If a user requests a system restore from one of the restore points taken before the May 14 update, the system may encounter a Stop error (0xC000021A). The problem: driver restore order.

 A solution: The system should restart the Windows Recovery Environment (WinRE) after two failed reboot attempts. At the WinRE screen
Troubleshoot > Advanced Options > More recovery options > Startup settings
Restart now
Select "Disable driver signature enforcement"
Some users need to use the F7 key to see the setting.

iOS 12.3 released

 'nuff said

Tuesday, May 14, 2019

Older Windows update urged

 Older versions of Microsoft's Windows Operating System, think Windows XP and Windows 7, are vulnerable to yet another malware attack. This attack can and does act like a worm - malware that duplicates itself computer to computer.

 Microsoft released patches and updates today for both XP and Windows 7. Windows 7 and XP are used in many external enterprise networks. If a user with XP or Windows 7 visits one of these sites, or has new or existing network connections to an infected site, their system could become infected.

WhatsApp update recommended.

 It has been in hacker news the past few days. WhatsApp, the more secure messaging and phone app for iPhone, Android, Windows Phone and WEB has vulnerabilities that allow others to infect mobile devices with malware. The vulnerability can be exploited by placing a phone call. No answering of the phone call is required.

 A patch was released 2 days ago. That "fix" was not a complete resolution of the problem. A fix was released in the past few hours. It took me a few tries to get an update on one iPhone.

 It is being highly recommended to update WhatsApp. If you have automatic updates enabled, best to check to ensure your WhatsApp is updated.

Windows update Tuesday

 Released today, 2nd Tuesday as normal
 79 vulnerabilities fixed/patched. 2 Adobe patches. Of the 79 vulnerabilities, 23 are classed as critical. Two of those are being exploited in the wild.

Tuesday, May 7, 2019

One ring Phone scam

 Reports from other regions of the U.S. are now being reported in Texas. A single ring, often at night. The one-ring call may be repeated. The area code is 222 or 232. These area codes are in Africa. If and when the called party calls back they will incur large charges on their next phone bill.

 The scam uses a victim's curiosity to solicit the call back. So don't.

Saturday, May 4, 2019

Firefox browser and extensions

 Firefox is an alternative browser choice. A good choice, usually.

In the past few hours, any and all extensions loaded into Firefox stopped working.
Mozilla, the Firefox vendor, is aware of the problem and cause, but no fix available at the time of this post.

 If you have loaded and rely on extensions for protection, be aware.
I would recommend using about:extensions or the Menu option to view extensions:




Note the extensions to re-add after the Firefox issue has been resolved.

UPDATE: The issue with add-ons and extensions has been resolved. I advise reviewing your extensions and their settings.
Some sites still have issues with cookies and certificates.

Monday, March 25, 2019

have ASUS laptop?

 Yet another supply chain attack.

 These attacks are dangerous. The update appears genuine for any and all checks that one would perform to NOT get malware on your devices.

 Attackers distributed hardware vendor updates for Asus computers. The updates were signed with valid digital certificates belonging to the vendor. If you have an Asus computer and allow updates or performed an update earlier this year you may have installed the update with malware.

 In this case, from what is known thus far, the known instance checks for a specific list of MAC addresses. You can check your MAC against this list at this link.

 Asus has yet to notify their customers.

Wednesday, March 6, 2019

Chrome browser update urged

 Various mainstream media outlets are urging Chrome browser users to update to version 72.0.3626.121 with some urgency. Details are sketchy, which is worrying.

To check your Chrome browser version, click on the 3 vertical dots as shown

scroll to the right on the above picture if needed.

On the pull-down select  Help   then  About Google Chrome.

Your current version will be displayed, and the option to update the version if desired. Once the update is downloaded and applied, a new Tab will allow you to relaunch Chrome with existing open tabs still open.

 It is good advice to check for current versions of all browsers before sensitive use.

IRS 'Dirty Dozen'

From the IRS, this year's 'Dirty Dozen'
irs.gov: search for 'Dirty Dozen'

IRS Tax Tip 2018-52, April 4, 2018
The IRS reminds taxpayers to watch out for scams and schemes that put them and their personal information at risk. Each year, the IRS releases the top 12 scams, known as the Dirty Dozen. The schemes run the gamut from simple refund inflation to technical tax shelter deals.
Here’s a recap of this year's Dirty Dozen:

  1. Phishing: Taxpayers should watch for fake emails or websites looking to steal personal information. The IRS will never initiate contact with taxpayers via email about a bill or tax refund. Don’t click on links in these emails claiming to be from the IRS.
     
  2. Phone Scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers.
     
  3. Identity Theft: Taxpayers should be alert to tactics aimed at stealing their identities. The IRS continues to pursue criminals who file fraudulent tax returns using someone else’s Social Security number.
     
  4. Return Preparer Fraud: Most tax professionals provide honest, high-quality service. However, there are some dishonest preparers who scam clients. These preparers commit refund fraud, identity theft and other scams that hurt taxpayers.
     
  5. Fake Charities: Groups masquerading as charitable organizations solicit donations from unsuspecting contributors. People making donations should take a few extra minutes to make sure their money goes to legitimate charities.
     
  6. Inflated Refund Claims: Taxpayers should be wary of anyone promising inflated tax refunds. Some signs of this include preparers who ask clients to sign a blank return or those who promise a big refund before looking at taxpayer records.
     
  7. Excessive Claims for Business Credits: Taxpayers should avoid improperly claiming the fuel tax credit. Most taxpayers aren’t eligible for this credit, as the law usually limits it to off-highway business use, including farming.
     
  8. Falsely Padding Deductions on Returns: Taxpayers should avoid the temptation to falsely inflate deductions or expenses on their tax returns. Taxpayers do this to pay less than what they owe or receive a larger refund than they should get.
     
  9. Falsifying Income to Claim Credits: Con artists may convince taxpayers to invent income to erroneously qualify for tax credits, such as the Earned Income Tax Credit.
     
  10. Frivolous Tax Arguments: Some taxpayers use frivolous tax arguments to avoid paying tax. Promoters of these schemes encourage taxpayers to make outlandish claims about the legality of paying taxes. These claims are repeatedly thrown out in court.
     
  11. Abusive Tax Shelters: Taxpayers who use abusive tax structures do so to avoid paying taxes. The majority of taxpayers pay their fair share, and everyone should be on the lookout for people peddling tax shelters that sound too good to be true.
     
  12. Offshore Tax Avoidance: It’s a bad bet to hide money and income offshore. People involved in offshore tax avoidance are best served by voluntarily disclosing offshore money and getting caught up on their tax-filing responsibilities.

Thursday, January 24, 2019

U.S. Government Emergency Directive 19-01 DNS tampering

 On January 22, 2019 the U.S. Department of Homeland Security issued a rare emergency directive to any and all U.S. government agencies to use defined steps to better secure Domain Name Service (DNS) infrastructure.

 With the U.S. government shutdown it is unclear if the directive will be acted upon in a timely manner. Many security certificates have expired thus far due to the shutdown.

 Both tampering with DNS records and security certificates can be used to intercept user traffic to and from government Internet infrastructure. Worse yet, inter-agency traffic can be intercepted and/or altered.

 This can be bad, and almost impossible to detect. Be aware.