Avoid Falling Victim to Ransomware: An HBK Risk Advisory Services Webinar

Date August 16, 2022

Date: August 24, 2022

Time: 10:00 – 11:00 am, ET

Hosts: William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director; and Justin Krentz, Vertilocity Senior Manager

Our August 24 webinar will provide insights on the topic of ransomware, including steps you can take to protect your business from an attack and what you can do to expedite recovery in the event of an attack.

Attendees will learn:

  • Identify the most common attack vectors employed to introduce ransomware into a computer system
  • Apply steps that will help prevent a ransomware infection
  • List the steps to take if your system is infected with ransomware
  • Define the components of a careful, specific data recovery plan
  • Identify the value of reviewing the experiences of organizations that have been victims of ransomware attacks

Join us on August 24, 2022, for a discussion of how companies can prevent and recover from a ransomware attack.


Speak to one of our professionals about your organizational needs




High Net Worth Families Need a Strategic Plan to Protect Against Cyber Crime

Date July 28, 2022

No one is immune to cyber risks. Digital vulnerability is ubiquitous. High net worth families, even those who take precautions against cyber criminal activity, are often unaware of and surprised by how much of their personal information is publicly available. Cyber criminals are increasingly sophisticated at piecing together disparate data points, stealing identities and launching elaborate cyberspace schemes.

HBK Risk Advisory Services recommends high net worth families adopt a strategic plan designed to manage cyber risks by enabling smarter use of digital technology. The plan should consider the multiple sources of cyber criminality and be updated regularly to address emerging threats.

The Internet

Anything connected to the internet can provide access for a cyber criminal. Of course, that includes your computers and smart TVs, but don’t forget about other smart devices, like cars and even some refrigerators. Home and office routers are particularly vulnerable when they are employed beyond the date the manufacturer stops issuing software updates. When using a home Wi-Fi network, turn off remote administration features and be sure your router doesn’t appear in your network listing. For public Wi-Fi, we recommend using a virtual private network (VPN). Smart devices should be password protected and secured with anti-virus software and a firewall, and the software that drives each device should be updated regularly with the provider’s latest security protections.

Family policies

A majority of cyber attacks are by “insiders,” that is, workers providing some type of service to the entity. We suggest that high net worth families ensure they have written statements from each vendor or company they work with describing what that company is doing to protect the family from human and technology threats. We recommend regular background checks on vendors’ employees. We also recommend background checks on household and other staff with access to family houses, offices, and resources.

All cybersecurity frameworks require administrative, technical, and physical controls to achieve cybersecurity. Policies must be well drafted and sufficient, and should be reviewed and updated annually.

HBK Risk Advisory Services can assist families with developing cybersecurity policies covering five key areas:

  1. Connected devices: Defines how public Wi-Fi, VPNs, and home routers are used.

  2. Identity protection: Details how the personal identity of each family member is being protected and includes credit monitoring.

  3. Social media: Describes how to protect the physical security of the family, maintain private information, and protect the image and reputation of the family and business.

  4. Passwords: Sets reasonable standards for developing and regularly changing device passwords.

  5. Payment-authorization: Details how payments are approved and how to protect against unauthorized wire transfers and other fraudulent requests for payments.


Family policies need to be set, then reviewed on a regular basis. Keeping everyone current on and attentive to the policies that have been set is critical to protecting the individuals, family, and business from cyber attacks. One oversight can spell disaster.

Using technology

In addition to protecting yourself from technology, HBK Risk Advisory recommends using technological tools for protection. Key measures include:

  • Data backups: Includes multiple backups of the family office server, smartphones, tablets, and laptops to protect against viruses and ransomware.
  • Encryption: Financial information sent to external vendors, such as accountants and attorneys, can be protected by using secure document storage, which can provide an authorized user access to a particular document or folder, or encrypted email tools to secure the emails.
  • Response: A comprehensive cyber security strategy includes identifying how to respond to a crisis, including forensic cyber services when a hack happens. The plan should address such potentialities as lost phones or laptops, how to respond to phishing emails and phone calls, and how to handle a ransomware event, hacked emails, and network intrusions.

Cyber insurance coverage can be tailored to your family’s needs. Any policy should include at a minimum coverage for breach response, cyber extortion, network interruption, and data restoration costs. HBK Risk Advisory Services can help you assess your cyber insurance coverage and suggest changes.

Cybersecurity can be a complex and technically challenging initiative. Protection requires an intelligent, comprehensive plan designed to meet the specific needs of a high-net-worth individual, family, and business. The plan needs to be thoroughly and meticulously implemented, then monitored regularly to ensure its continued effectiveness against increasingly sophisticated and constantly changing cyber-criminal activities.




Ever Present: Tax Identity Theft Scams

Date July 23, 2018
Article Authors
HBK CPAs & Consultants

Although the IRS took successful steps to reduce tax-related identity theft in 2017, the agency warns taxpayers to stay alert about tax identity crime because, even though the traditional tax season is months away, busy season for cyber criminals is year round. It’s important for taxpayers to stay informed. Here are some useful tips on how to avoid tax identity theft.

What is tax-related identity theft?

First, some basic information defining tax-related cyber crimes. According to the IRS, tax-related identity theft generally occurs when a thief uses a stolen Social Security number (SSN) to file a tax return claiming a fraudulent refund. The victim is typically unaware until he or she attempts to file a tax return and finds that one has already been filed for that SSN. Alternatively, the taxpayer might discover the theft upon receipt of a letter from the IRS saying it has identified a suspicious return that uses the taxpayer’s SSN.

Scam artists have devised a variety of methods to obtain the information they need to file a tax return under another person’s SSN. During the past several years, the IRS, the Federal Trade Commission (FTC) and many state tax agencies have issued warnings as new methods come to the forefront.

How does tax-related identity theft occur?

Fraudulent returns are just one of many ways taxpayers are victimized. As the saying goes, “you’re only limited by your imagination.” Here are some typical scenarios:

Phone schemes. The IRS, within 10 days after April 18, 2018, highlighted a new phone scam perpetrated by these scam artists who program their computers to display the phone number of the local IRS Taxpayer Assistance Center (TAC) on the taxpayer’s Caller ID. If the taxpayer questions the legitimacy of the caller’s demand for a tax payment, the caller directs him or her to IRS.gov to verify the local TAC phone number.

You can guess what happens next. The caller states the need for a payment typically via a debit card, which allows them to directly access the victim’s bank account.

In another phone scheme, the criminals claim they’re calling from the IRS to verify tax return information. They tell taxpayers that the agency has received their returns and that they simply need to confirm a few details to process them. The taxpayers are prompted to provide personal information such as an SSN and/or bank or credit card numbers.

Digital schemes. Emails that appear to be from the IRS are part of phishing schemes intended to trick the recipients into revealing sensitive information that can be used to steal their identities. The emails may seek information related to refunds, filing status, transcript orders or PIN information.

The scammers have become creative on this approach, too. The emails might seem to come from an individual’s tax preparer and request information needed for an IRS filing. The information request could even come via a text message. Whether by text or email, the communication states that “you are to update your IRS e-file immediately” and includes a link to a fake website that mirrors the official IRS site. Once there, the individual is asked to provide information that gives the thieves all they need. Emails might also include links that cause the recipients to download malware that infects their computers and tracks their keystrokes or allows access to files stored on their computers, which can lead to ransomware.

Do businesses need to worry?

Absolutely — businesses have also been targeted by criminals intent on victimizing their employees or the businesses themselves.

For several years now, criminals have employed different spoofing techniques known as business email compromise (BEC) or business email spoofing (BES). They disguise an email to an individual in a company’s human resources or payroll department so it seems to have come from an executive within the company. The email requests a list of all employees and their Forms W-2 — information that can be used to file returns in the employees’ names.

Scammers also are pursuing businesses’ Employer Identification Numbers (EINs). They then report false income and withholding and file for a refund in the companies’ names. Even worse for the companies, the IRS could go after them for payroll taxes reported as withheld but not remitted.

The IRS recently announced that it has seen a sharp increase in the number of fraudulent filings of certain business tax forms, including Schedule K-1 and those filed by corporations and partnerships. As a result, the IRS may ask businesses for additional information (such as the driver’s license numbers of owners) to help identify suspicious tax returns.

How does the IRS contact taxpayers?

The IRS has made it clear that it will not:

  • Threaten to bring in law enforcement to have someone arrested for nonpayment of taxes,
  • Revoke a driver’s license, business license or immigration status for nonpayment,
  • Demand a specific payment method, such as a prepaid debit card, gift card or wire transfer,
  • Request a debit or credit card number over the phone,
  • Demand the payment of taxes without the opportunity to question or appeal the amount owed (the IRS usually mails a bill when a taxpayer owes taxes),
  • Send unsolicited emails, texts or messages through social media channels suggesting taxpayers have refunds or need to update their accounts, or
  • Request any sensitive information online.

The IRS will call or visit a home or business in only very limited circumstances. It might do so, for example, if a taxpayer has a severely overdue tax bill, to secure an employment tax payment, or to tour a business as part of an audit or a criminal investigation. Yet, even in those special situations, the IRS generally will first send several notices by mail.

What can victims and targets do?

If you know or suspect you’ve fallen prey to tax-related identity theft, you’ll need to file IRS Form 14039, “Identity Theft Affidavit.” The IRS and FTC recently announced a joint project that allows people to report such theft to the IRS online through the FTC’s IdentityTheft.gov website. Remember, though, that filing the affidavit doesn’t eliminate the need to pay your taxes.

In addition, the FTC advises victims of all types of identity theft to file a complaint on its website and contact one of the three major credit bureaus (TransUnion, Experian and Equifax) to place a fraud alert on their credit records. You also should contact your financial institutions and close any financial or credit accounts opened or tampered with by identity thieves. If you received, but didn’t fall for, a scam email, you should still report it. The IRS urges individuals who receive unsolicited emails purporting to come from the IRS to forward the messages to phishing@irs.gov before deleting.

Stay alert

Don’t make the mistake of letting your guard down because tax season has yet to begin. If you receive a suspicious communication allegedly from the IRS or other taxing authority, please contact us for confirmation of its validity and advice on how to proceed.
