Staying ahead of cybercriminals is a never-ending job. Iowa State's IT security professionals are always watchful for vulnerabilities or cyberattacks, but scammers know that the easiest way to score is to entice people to give up their own information or credentials voluntarily.
Criminals have begun calling people directly and impersonating government agents in an attempt to extract personal information. Recently, an ISU student received a call from someone claiming to be an FBI agent calling on behalf of the IRS. The caller said the student owed delinquent taxes.
To help bolster the appearance of legitimacy, the scammer recited publicly available information -- the student's class year, major and address -- and used a local phone number and area code to make the call. Fortunately, the student did not supply any information, and neither should you.
"Whether by phone or email, legitimate businesses should never contact you asking for personal information," said Andy Weisskopf, information technology services' information security officer. "Do not make criminals' jobs any easier by giving them any information."
Phishing: Going for low-hanging fruit
Phishing usually involves phony emails that appear legitimate. For example, you may be asked to log in to an official-looking site to retrieve your electronic W-2 form. Behind the scenes, your personal information, such as username and password, is forwarded to criminals.
What site are criminals most interested in at Iowa State? AccessPlus.
With this information, criminals can wreak all kinds of havoc, from redirecting your paychecks to stealing your Social Security number. While ISU gets phishing emails year-round, attacks tend to spike around critical times, like the beginning of the semester or tax season.
"Phishing emails are easy to send and require only that a few people comply in order to make it worthwhile," Weisskopf said. "They remain a very popular method to attempt to trick people into giving up their credentials."
On the trail of your tax refund
Another popular activity for criminals who've grabbed your personal information is tax-related identity theft, a crime that has grown in recent years. Most commonly, the thief will use your information to file a false tax return in your name and claim the refund.
Frequently, victims do not realize a false tax return has been filed until they attempt to legitimately file their taxes. In recent years, a relatively small number of ISU employees have been affected by this crime, but some organizations have seen hundreds or even thousands of employees fall victim.
Weisskopf offered some tips on how to stay cyber safe in the new semester:
- Never give your personal information via phone or email to sources you cannot verify.
- Try to beat tax thieves to the punch by filing your taxes as soon as you receive all the necessary documentation. Even if you owe taxes, you can file early and pay on or near the tax deadline. (As always, consult your tax adviser on tax issues.)
- If you suspect you're the victim of tax fraud, report it immediately to ISU payroll at (515) 294-6556 or email@example.com to launch an investigation.
- If you've been a victim of tax fraud in the past, watch IRS communications closely. Identity theft victims are issued an identity protection personal identification number for their protection when filing taxes.
The IRS has an online guide with links and resources to help resolve instances of tax-related identity theft. The Federal Trade Commission's www.identitytheft.gov deals more broadly with issues of identity theft.
Beware of AccessPlus trollers, Dec. 11, 2014