Tuesday, April 14, 2015 - 09:16

With tax filing season winding down, there have been numerous stories in the press regarding tax fraud resulting from identity theft, including a small number of cases affecting Duke employees that are currently being investigated. The investigation gives no indication that these cases resulted from a compromised system at Duke.  Nonetheless, we recognize that this is an increasing threat for everyone and so we are sending out this alert to raise awareness of these issues, and to provide recommendations for protecting your tax records with the IRS.


Who is responsible for the increase in fraudulent returns?

No one knows for sure, but many people attribute the spike to the increased number of data breaches last year involving victims' personally identifiable information, rather than to the compromise of one specific vendor. For example, see: http://wtnh.com/2015/03/03/spike-in-tax-fraud-this-filing-season/


To proactively protect yourself:

Going forward, we’d highly recommend that you consider the following:

  1. Register with the IRS to have them provide you with a PIN each year for your filing (http://www.irs.gov/Individuals/Get-An-Identity-Protection-PIN).
  2. Sign up for an account at irs.gov before the bad guys do (http://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-i...).
  3. Consider putting a permanent freeze on your credit at the credit reporting agencies, or using a credit protection service. If you do this, you will have to temporarily lift the freeze if you are applying for a loan or other credit. More info can be found on these sites:


Experian - https://www.experian.com/freeze/center.html

TransUnion - http://www.transunion.com/securityfreeze

Equifax - http://www.equifax.com/help/credit-freeze/en_cp


If you find that you have been the victim of identity theft through tax fraud, please take these steps immediately:

The first thing you will want to do is call your local law enforcement and file an identity theft report. This will be needed in case the perpetrators are found and a case can be made against them. You will also want the police report when dealing with the credit reporting agencies to clear up any accounts that may have been opened using your information.


Second, you will want to review the IRS recommendations for next steps. You will see instructions to:

  • Contact the FTC and file an identity theft report.
  • Contact the 3 credit reporting agencies and get a fraud alert placed on your credit.
  • Fill out an identity theft affidavit with the IRS.


When you contact the IRS, they should also be able to help you with the steps you will need to follow to clear up this year’s filing.


Finally, please let us know by contacting your HR representative and/or emailing security@duke.edu. These reports help us to identify whether or not the source of the identity theft came from a system at Duke.


Where can I find out more?

Brian Krebs reports on this frequently, and is a good source of information: http://krebsonsecurity.com/?s=tax+return+fraud&x=0&y=0


Also, here is a good overview of the current problem from CNN Money: http://money.cnn.com/2015/02/10/technology/security/hackers-tax-refund/





Wednesday, March 18, 2015 - 11:06

Duke police have received several recent reports of scams asking students to cash fraudulent checks for third parties.
Students receive a check in the mail with instructions to cash it and use the funds to buy money cards to be provided back to the scammer. The check clears long enough for the student to put the cash on the money cards, but the bank later finds the check to be fraudulent and takes the funds back from the student.


The scam is similar to long-standing Nigerian fraud schemes like those described by the FBI Cyber Division Public Service.

Students who are victims of this fraud should file claims with www.IC3.gov.

Thursday, March 5, 2015 - 10:45

You may have seen the information on the latest named security issue: FREAK.


Ars Technica has a very good write up on the subject:


Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov.


In recent days, a scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36 percent of them were vulnerable to the decryption attacks. The exploit takes about seven hours to carry out and costs as little as $100 per site. The so-called FREAK attack—short for Factoring attack on RSA-EXPORT Keys—is possible when an end user with a vulnerable device—currently known to include Android smartphones, iPhones, and Macs running Apple's OS X operating system—connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many had presumed had been retired long ago. At the time this post was being prepared, most Windows and Linux end-user devices were not believed to be affected.


Other resources that you might find helpful include:


A guide to recommended cipher suites for system administrators:




To check to see if you are vulnerable: 



And this site has a few good details for checking server-side stuff:



You can also check the ITSO website for information on TLS/SSL configurations: