The ultimate power of account security is in your hands. To protect your online accounts, it is recommended to follow the steps below regularly, especially if you notice changes to your account that you didn’t make.

If you think your account has been compromised, reset your password immediately.

To make your account more secure, follow these steps:

1. Run a scan on your computer with a trusted anti-virus software.

2. Update your account recovery options. Most online account have recovery options, either emails or SMS and/or security questions.

3. Enroll in 2-step verification when available, this adds an extra layer or security to your account.

4. Make sure your computer is updated regularly or setup to update automatically.

5. Protect your password. Never enter your password following a link in an email from an untrusted site. Always go directly to site to login to your account.

6. Use a strong password. Don’t write it down, send it via email or tell anyone.

7. When using a public computer, always sign out of your account. Clear forms, password, cache, and cookies in your browser on a regular basis.

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm targeting the Microsoft Windows Operating System. It encrypts essential files on your Windows device and requires that you pay a ransom to unlock those files.

A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack but many organizations had not yet applied it.

Over 200,000 victims and more than 250,000 computers were infected with Ransomware encrypting files with $300 – $600 demand to unlock them.

The worm is primarily impacting business, where it can spread quickly through a network to take down an entire company.

But individuals with PCs running Windows should still take a few precautions.

1)      Make sure you are using a supported version of Microsoft Operating system.

2)      Turn Windows Update on if it's disabled.

3)       Install any software updates immediately and make it a regular habit. Turn on auto-updaters where available.

4)      Be sure to back up all your computing devices. Regularly backing up your devices helps you recover your information should your computer become infected with ransomware.

5)      Be careful what you click on.

This malware was distributed by phishing emails. You should only click on emails that you are sure came from a trusted source. 

End users see the following Ransom-WannaCry Desktop Background:

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.

To Protect Yourself

1.       Never click an unexpected link or download an unfamiliar attachment.

2.       Learn to read email message headers and check domain names and IP addresses.

Most email programs will let you hover your mouse over an email address (or link in an email). What you see pop up should be identical to what you are hovering over. If it is something different, then it is probably spam or phishing for information.

If you have received a suspicious email, delete right away and do not forward it to anyone.

Below is sample of such email we received recently.

Be careful! W-2 Phishing Scam is still around.

Scammers are growing. More IRS scam emails are around this year that IRS has issued an urgent alert in February. As the filing deadline approaches, IRS has urged both Tax professionals and taxpayers to be aware of last-minute phishing scam emails trying to trick people to provide important tax information.

If you receive such W-2 scam email, please forward it to phishing@irs.gov and put “W2 Scam” in the subject line. 

The scam email can be as simple as just a plain text message, and subject line can vary. Example of subjects are "W2", "Request", "Employees 2016", "Copy of W2", "inquiry", etc..just to name a few.

If you receive such scam,

DELETE it completely

Do NOT click any link in that email

Do NOT respond to it

Do NOT open any of the file attached to those emails

Please also be careful when using search engines to find technical help with taxes. Selecting the wrong tax support could lead to a loss of data or a virus in your computer.

<Related link>

IRS, States and Tax Industry Warn of Last-Minute Email Scams:

https://www.irs.gov/uac/newsroom/irs-states-and-tax-industry-warn-of-last-minute-email-scams

Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others:

https://www.irs.gov/uac/dangerous-w-2-phishing-scam-evolving-targeting-schools-restaurants-hospitals-tribal-groups-and-others