IRS warns of EFIN scam
The Internal Revenue Service (IRS) has issued an urgent warning to tax professionals over a new scam in which cyber-criminals impersonate the IRS over email in an attempt to steal Electronic Filing Identification Numbers (EFINs). Carrying the subject line "Verifying your EFIN before e-filing," the scam email purports to be from "IRS Tax E-Filing."
In the body of the bogus email, targets are asked to send an EFIN acceptance letter dated within the last 12 months and scans of the front and reverse of their driver's license to a fake email address in order for their EFIN to be verified. Thieves who obtained the EFIN and driving license data of a tax professional could use it to impersonate that professional and file fraudulent returns.
In an alert jointly issued February 10 by the IRS, state tax agencies, and the tax industry, tax professionals who receive this particular scam email are asked to save it as a file and send it as an attachment to phishing@irs.gov.
(Source: InfoSecurity Magazine)
270 service deposit addresses drive 55 percent of money laundering in cryptocurrency
Money laundering is the key to cryptocurrency-based crime. The primary goals of cybercriminals who steal cryptocurrency, or accept it as payment for illicit goods, are to obfuscate the source of their funds and convert their cryptocurrency into cash so that it can be spent or kept in a bank. Of course, thanks to the efforts of law enforcement and compliance professionals around the world, cybercriminals can’t simply send their ill-gotten cryptocurrency to an exchange and cash out as a normal user would. Instead, they rely on a surprisingly small group of service providers to liquidate their crypto assets. Some of these providers specialize in money laundering services while others are simply large cryptocurrency services and money services businesses (MSBs) with lax compliance programs.
But while you would expect that the money laundering resulting from such a broad spectrum of illegal activity to have taken place across a large number of services, just a small group of 270 blockchain addresses have laundered around 55 percent of cryptocurrency associated with criminal activity. Furthermore, expanding this group further, 1,867 addresses received 75 percent of all criminally linked cryptocurrency funds in 2020, a sum estimated at around $1.7 billion.
The full report can be accessed here.
(Source: ZDNet)
New IoT Cybersecurity Act: Creating a floor for IoT security?
The new IoT Cybersecurity Improvement Act signals that the government will take IoT security more seriously in future. While the act specifies requirements for new devices, there are billions of existing devices already in the field. There are still a range of prevalent shadow-IT practices and other behaviors that the act does not address.
The IoT Cybersecurity Improvement Act doesn’t specify requirements, other than instructing National Institute of Standards and Technology to do so — and to do so by March. The act applies to any IoT device purchased with government money. In addition to establishing new mandatory minimum security standards for these devices, the bill requires that these standards and policies be updated at least once every five years.
Various experts stressed that the law will almost certainly affect only new IoT purchases, leaving a security vacuum for existing devices, along with devices purchased before the government guidelines kick in or, more precisely, once vendors start delivering devices that comply with the new standard.
(Source: IoT World Today)
Illinois is state hit hardest by cybercrime
The highest concentration of cybercrime victims in the United States can be found in Illinois, according to a recent study by Clario. The London-based cybersecurity company analyzed cybercrime data in the United Kingdom and the United States to determine which geographical areas were hardest hit by attackers. In the United States, Illinois topped the table with 14.6 victims per 1,000 people. The Prairie State was followed closely by Virginia, which had 13.2 victims per 1,000 people, and New York, which had 11. Total losses due to cybercrime were $107,152,415 in Illinois, $92,467,791 in Virginia, but just $19,876,576 in New York. California was where the most money had been stolen collectively, with $573,624,151 lost to digital thieves. Cybercrime victims in Ohio lost more per person on average ($28,734) than anywhere else in the United States.
(Source: InfoSecurity Magazine)
|
