University of Connecticut University of UC Title Fallback Connecticut

Author Archives: jep02011

Tax Season – Avoiding Online Tax Scams

It’s tax season, which means it’s also time for tax scams. Some tax scams occur when fraudulent tax returns are filed in the victim’s name while other variants occur when the malicious actors call the victim and pretend to be Internal Revenue Service (IRS) agents. In addition, there are malicious actors who use the tax season to spread malware and phishing emails.

Tax scams where the malicious actor files the return in the victim’s name include both identity theft and identity fraud, as well as tax fraud. This scenario occurs when the malicious actor finds or receives information about the tax filer, including the filer’s name, address, date of birth, and Social Security Number. The malicious actor then uses this information to file a malicious tax return, citing as many deductions as possible, in order to create as large a tax return as possible.

The other variant of tax scams occur when the malicious actor contacts the victim and tries to convince the victim to do something, such as immediately paying a fine or providing their financial information so a refund can be issued. In these instances the malicious actor uses what they know about the victim, often information gained for a data breach or social networking website, to convince the victim that the caller has access to the victim’s tax information. Frequently during these calls the caller will pretend to be an IRS agent.

In the third type of tax scam, malicious actors use tax related spam, phishing emails, and fraudulent websites to trick victims into providing login names, passwords, or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim’s computer.

WHAT TO WATCH OUT FOR

  • Watch for “spoofed” websites that look like the official website but are not.
  • Don’t be fooled by unsolicited calls. The IRS will never call to demand an immediate payment or require you to use a specific payment method such as pre-loaded debit or credit cards, or wire transfers. They will never claim anything is “urgent” or due immediately, nor will they request payment over the phone.
  • The IRS will not be hostile, insulting, or threatening, nor will they threaten to involve law enforcement in order to have you arrested or deported.
  • Sometimes malicious actors change their Caller ID to say they are the IRS. If you’re not sure, ask for the agent’s name, hang up, and call the IRS (or your state tax agency) back using a phone number from their official website.

 

RECOMMENDATIONS

If you believe you are the victim of identity theft or identity fraud, there are a couple of steps you should take:

If you receive spam or a phishing email about your taxes, do not click on the links or open any attachments, instead forward the email to phishing@irs.gov. Other tax scams or frauds can be reported according to the directions on this page:https://www.irs.gov/Individuals/How-Do-You-Report-Suspected-Tax-Fraud-Activity%3F

FURTHER INFORMATION

Identity theft information from the FTC: https://www.identitytheft.gov/.

Original text available here: https://msisac.cisecurity.org/newsletters/2016-02.cfm

Incident Update and Remediation Instructions

On Sunday, December 27th, the University of Connecticut was the victim of an IT service compromise. University Information Technology Services (UITS) responded to the incident and corrected the changes by approximately 4:00 pm that day, although the exact time of resolution was dependent upon when Internet Service Providers updated their records.

During the compromise, users intending to visit a *.uconn.edu site were redirected to a non-university site.  This external site contained dangerous software and attempted to trick users into downloading and installing malware. Masquerading as an Adobe Flash Player update, the install was actually a banking trojan, which can steal usernames and passwords.  Only the Windows operating system were potentially impacted.  If you downloaded the file, please follow our remediation instructions.

Also as a result of the incident, a number of University of Connecticut websites were blacklisted by the Phishing and Malware Protection features in some popular browsers. For these blacklisted sites, the browsers display a warning message instead of going directly to the site. Even though the redirection is corrected and the University never hosted the malware on its servers or websites, some sites continue to be blacklisted. UITS has requested the removal of all blocked UConn sites and will continue to pursue this process and any alternatives until all of the sites have been removed, and remain removed, from the blacklists.

 

The following instructions are provided to help you get remediation assistance in the event you downloaded or installed the malware.

Detection and Remediation Instructions for individually owned computers (ie. UConn Students, personal home computers)

File Downloaded but not installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

File Downloaded and installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

Windows 7

  • Download Microsoft Security Essentials.
  • Microsoft Security Essentials indicates that it will remove the malware. However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.
  • The University of Connecticut cannot provide format or installation instructions.
  • Windows 8 and 10
    • Windows Defender is installed on Windows 8 and 10.
    • Windows Defender indicates that it will remove the malware.  However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.

Computer Formatting Instructions

Many anti-malware software programs, including those listed above, are now detecting and removing the malware.  An alternative to relying on one of these programs is to re-format your computer and re-install Microsoft Windows from media, which will guarantee removal.  The following bullets are intended to provide some context surrounding the re-installation, but are not comprehensive.

  • Restart your computer and have it boot from the location where your install media is located
  • Windows will install setup files and launch the windows installer which will guide you through some basic questions
  • When prompted for the install location please remove and recreate your partitions and select the re-format option

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357

Detection and Remediation Instructions for Windows Workstations Enrolled in Managed Workstation

File Downloaded but not installed:

  • UITS is scanning all desktops and will remove the downloaded malware from your computer automatically.

File Downloaded and Installed

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.

Detection and Remediation Instructions for Windows Workstations supported by Departmental IT

File Downloaded but not installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

File Downloaded and Installed

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.

Information Security Incident (Initial)

12/28 @ 10:11:05

Incident Details:

The University of Connecticut was the victim of an attack yesterday morning.  (more…)