• 1979 ESTABLISHED
  • 72 MUNICIPAL CLIENTS
  • 30-40 SINGLE AUDITS ANNUALLY
  • 45+ NONPROFIT CLIENTS
  • 1 LOCAL OFFICE PLEASANT HILL
  • 0 LAWSUITS

Tag: CyberSecurity

Maze Client Alert

There has been a recent increase in scams targeting finance, payroll and human resources departments of local governments. The scam involves emails that look like they are coming from the City Manager or equivalent to staff requesting either a wire transfer or employee W-2 information.

At Maze Live, our recent client day of training, I asked our clients if they had seen such emails and almost everyone raised their hand. In addition, I received an email the following day from a client stating they had received one of those emails while they were at the training.

Unfortunately, a number of clients have fallen for the scam by disclosing employee information or attempting a wire transfer. Given the number of organizations that have been victims, I felt it necessary to send out this alert.

What can you do?

  • Train employees regularly on scams and how to spot suspicious requests
  • Ensure dual authorization for all wire transfers
  • Setup email rules that flag all emails coming from outside your organization
  • Setup email rules to prevent social security numbers from being emailed outside your organization

More information can be found on my blog, including:

You can also check out my recorded session at Maze Live:

Finally, here is an FBI Alert on these types of scams:

If you have any questions feel free to contact us.

Equifax Data Breach

It is still early in the investigation and new information continues to come to light, but it is clear that almost half of all Americans have been impacted by Equifax’s data breach. In light of this, it is hard not to rush impulsively to do something like click on a link to sign up for credit monitoring.  Scammers are already calling or emailing people to say they are with Equifax in order to trick people in disclosing personal information that can be used by other criminals to commit identity theft or infect their computers with malicious software.  This is another risk related to the breach that consumers need to be aware of.

 

Though it will take further time for investigators to bring to light the complete ramifications, it is evident that the impact from this breach will last for decades.

No Easy Solutions

This is a long-term problem. Identity information was stolen in the breach, including names, addresses, and Social Security Numbers (SSNs), will be usable by hackers long after the breach has been forgotten.  10-years from now individuals who had access to the content stolen in the breach could use your SSN–unless you change it.

 

Change your SSN?  If only that were easier. The government generally does not want you to change your SSN number. In order to accomplish this you have to show that you have been a victim and continue to be disadvantaged by using the old SSN.

 

Another potential solution is to place a security freeze and fraud alert on your accounts.  A security freeze alerts potential creditors not to open new accounts.  If you open a new account in the future you will need to unfreeze the account.  This will take time and may delay new loans.  This can be very difficult if you are applying for a mortgage loan.  A fraud alert puts an alert on your account to take extra steps to verify your identity before issuing new credit.

 

 

Some security & privacy professionals think Equifax should pay for credit monitoring for everyone for life.  As mentioned, this information could be used in the distant future, long after their year of free monitoring is over.   Write your congressional members and demand lifelong protection from a lifelong threat.

 

3 Things You Can Do
  1. Sign in up for your own credit monitoring service.  Optionally you can do a credit freeze or fraud alert on your account.
  2. Don’t use Equifax’s free monitoring or their website.
  3. Don’t listen to anyone who calls you about Equifax data breach.  Also, watch out for emails, scammers will use fear to get you to click on a link to take you to a malicious website.

 

To freeze your credit or start a fraud alert call the three major credit reporting agencies.

Phone numbers:
  • Equifax — 1-800-349-9960
  • Experian — 1 888 397 3742
  • TransUnion — 1-888-909-8872
More Information and Sources

These websites will cover everything you need to know. You can start with the following:
State of California Department of Justice, Information Sheet, How to “Freeze” Your Credit Files
Federal Trade Commission, Consumer Information, The Equifax Data Breach: What to Do
Consumer Financial Protection Bureau, blog, Identity theft protection following the Equifax data breach, By Kristin Dohn – SEP 09, 2017
Federal Trade Commission, IdentityTheft.gov website
Social Security Administration, Frequently Asked Questions, Can I change my Social Security number?
Federal Trade Commission, Consumer Information, Equifax isn’t calling
CNN Money, Why Millennials should be really worried about the Equifax breach, by Danielle Wiener-Bronner, 15 SEP 2017
Equifax hack: What’s the worst that can happen? If you’re not worried about the Equifax hack, you should be. by David Goldman, 11 SEP 2017