Monday, April 27, 2015 - 09:08

The newest update to Adobe Reader (Adobe Acrobat Reader DC) offers a free upgrade to Adobe’s cloud solution, which allows users to access their PDFs on any device. But should you use it?

 

Many of our business documents contain sensitive electronic information that should not be sent to cloud providers. Duke employees should be particularly careful with systems offering device syncing to make sure cloud sharing is allowed. Staff should familiarize themselves with the Duke data classification standard and only sync documents classified Public. Contact the IT Security Office at security@duke.edu with questions.

Tuesday, April 14, 2015 - 09:16

With tax filing season winding down, there have been numerous stories in the press regarding tax fraud resulting from identity theft, including a small number of cases affecting Duke employees that are currently being investigated. The investigation gives no indication that these cases resulted from a compromised system at Duke.  Nonetheless, we recognize that this is an increasing threat for everyone and so we are sending out this alert to raise awareness of these issues, and to provide recommendations for protecting your tax records with the IRS.

 

Who is responsible for the increase in fraudulent returns?

No one knows for sure, but many people are chalking up the spike to the increased number of data breaches last year involving victims' personally identifiable information and not from the compromise of one specific vendor. For example, see: http://wtnh.com/2015/03/03/spike-in-tax-fraud-this-filing-season/

 

To proactively protect yourself:

Going forward, we’d highly recommend that you consider the following:

  1. Register with the IRS to have them provide you a PIN Number each year for your filing (http://www.irs.gov/Individuals/Get-An-Identity-Protection-PIN).
  2. Sign up for an account at irs.gov before the bad guys do (http://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-i...).
  3. Consider putting a permanent freeze on your credit at the credit reporting agencies, or using a credit protection service. If you do this, you will have to temporarily lift the freeze if you are applying for a loan or other credit. More info can be found on these sites:

 

Experian - https://www.experian.com/freeze/center.html

Transunion - http://www.transunion.com/securityfreeze

Equifax - http://www.equifax.com/help/credit-freeze/en_cp

 

If you find that you have been the victim of identity theft through tax fraud, please take these steps immediately:

The first thing you will want to do is call your local law enforcement and file an identity theft report. This will be needed in case the perpetrators are found and a case can be made against them. You will also want the police report when dealing with the credit reporting agencies to clear up any accounts that may have been opened using your information.

 

Second, you will want to review the IRS recommendations for next steps. You will see instructions to:

  • Contact the FTC and file an identity theft report.
  • Contact the 3 credit reporting agencies and get a fraud alert placed on your credit.
  • Fill out an identity theft affidavit with the IRS.

 

When you contact the IRS, they should also be able to help you with the steps you will need to follow to clear up this year’s filing.

 

Finally, please let us know by contacting your HR representative and/or emailing security@duke.edu. These reports help us to identify whether or not the source of the identity theft came from a system at Duke.

 

Where can I find out more?

Brian Krebs reports on this frequently, and is a good source of information: http://krebsonsecurity.com/?s=tax+return+fraud&x=0&y=0

 

Also, here is a good overview of the current problem from CNN Money: http://money.cnn.com/2015/02/10/technology/security/hackers-tax-refund/

 

 

 

 

Wednesday, March 18, 2015 - 11:06

Duke police have received several recent reports of scams asking students to cash fraudulent checks for third parties.
 
Students receive a check in the mail with instructions to cash it and use the funds to buy money cards to be provided back to the scammer. The check clears long enough for the student to put the cash on the money cards, but the bank later finds the check to be fraudulent and takes the funds back from the student.

 

The scam is similar to long-standing Nigerian fraud schemes like those described by the FBI Cyber Division Public Service.
 

Students who are victims of this fraud should file claims with www.IC3.gov.
 

Pages