[2017-02-13] NH Today – Tech Talk
Joined Jack Heath today to talk about the new way thieves can get your card/PIN details through Shimmers, and IRS warns of fake emails that may steal your details.
—
Related articles:
IRS: Phishing confuses taxpayers, tops ‘Dirty Dozen’ list of tax scams
Thieves now use “Shimmers” to grab Chip/PIN card data
http://craigpeterson.com/news/thieves-now-use-shimmers-to-grab-chippin-card-data/11686
—
More stories and tech updates at:
www.craigpeterson.com
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
www.twitter.com/craigpeterson
For questions, call or text:
855-385-5553
—
Transcript
WGIR_2017-02-13_IRS-Warns-of-Email-Compromise
Below is a rush transcript of this segment, it might contain errors.
Airing date: 02/13/2017
IRS Warns of Email Compromise – ATM Shimmers Present New Problem
Jack Heath: Alright, joining us as a regular contributor on the show, Craig Peterson, our tech guy from the Tech Talk show that airs over the weekend. Craig joins us on the Auto Fair listener lines. And Craig to bring in the technology angle a little bit. This is one of the neat things about being able to work electronically from just about anywhere.
Craig Peterson: Yeah, it is. Good morning.
Jack: Good morning.
Craig: That’s exactly what I’m gonna be doing. And I’m sure a whole lot of other people will. And there’s always some tips and tricks for that sort of thing because some people will be working from homes, some are gonna go to the local coffee shop or breakfast place to grab a little bit to eat with their laptops with them. Or even nowadays, you can do so much on your iPads or other devices Jack, but you gotta be safe. You gotta make sure that you’re using a VPN that goes into your company that you’re routing all of that data to your VPN because people can do something called piggybacking. Are you aware of that Jack? What that’s about?
Jack: Well I imagine they’re just they’re riding along to pick up whatever they can that’s yours.
Craig: Yeah. Well that’s basically right. Many people use VPNs thinking ok, well this is kind of a way to stay safe. But what can actually happen if you’re not doing it properly is a bad guy can get on to your computer and now get into your company’s network via that VPN you just set up. We see it all the time with malware. People are at home. Their kids, of course, are visiting who knows what types of websites online. If you have teenage boys, it could get even worse. And then that malware tries to piggyback from your home computer over on to your corporate network over the VPN. So this is a scary time. IRS just came out with a warning last week with the IRS’s warning about what’s called a business email compromise. And the FBI’s talking about billions of dollars of theft because of it. And that’s where the bad guys are now using days exactly like today so that they’ll send an email out. They’ll find out a little bit more about your business. Who the senior managers are. And what the IRS is mostly concerned about right now. They’ll find out who your human resources people are. And then they’ll send an email to human resources from someone who looks like the senior manager saying hey listen. I gotta review all of the W-2s. Please, you know, before we meet with the accounting, please go ahead and…
Jack: Send them over.
Craig: Exactly. Exactly right. And send them over. Make sure you send all of their information. And now, they’re filing tax returns. Fake tax returns. Now what the IRS has decided to do this year, and now again, I haven’t really heard of this reported, Jack, but the IRS… if you file early. People file early so they can get their money back. And they can use it to pay bills, right? Or buy new things. The IRS this year said we are holding the early file tax returns. We are not going to process them. Because what’s been happening the last few years is the bad guys have done what we’ve just talked about, this business email compromise. They get information from other sources. They then file fake tax returns. Now most people don’t file, what, like April 14th at 11:59pm. So what ends up happening is the bad guys had filed the tax
return on behalf of Mr. Jack Heath. And those bad guys now get a tax refund on behalf of Mr. Jack Heath. They take that money out of the country. Now Jack, you file your taxes. And the IRS says, wait a minute. You already filed, which has made a huge, huge mess. So this year the IRS said forget it. We’re not doing most of these early processing of tax returns. We’re going to wait and see if there were bad guys filing tax returns early.
Jack: Yeah, David.
David Losh: You know it’s interesting you say that too. And there’s always a bad guy out there. There’s always somebody trying to hack into something to get somebody’s information and that’s one of the big things that has been in the news right now and I think Mr. Peterson, you’ve mentioned it before too, where they now have shimmers. If you wanna talk a little bit about that, where we thought our new chip cards were safe, they’re really not.
Craig: Just when you thought it was safe. Yeah. You know we’ve had problems in the past where people were using the ATM and when that card was inserted there’s a little device attached to the front of that ATM. So it then reads the card as you put it in and oftentimes they have a camera set up so they can see your PIN. So, to get around that as well as potential problems here of these running down your credit card number, they have come up with these chips on the PINs. And the payment card industry is pretty proud of themselves because they figured this is going to stop the theft of your credit card information. So what David just mentioned here Jack, is something called a shimmer. This is a device about the size of that chip on your card, and the bad guys can stick that inside the ATM, and they are sticking it inside. And many of these ATM cards have, you know, the processing have been implemented by, well let’s just call them amateurs, at the banks in their IT departments. So the shimmers can not only grab the… the skimmers grab the information on that mag stripe. The shimmers are grabbing the information on the chip. And they can now, on these poorly configured ATM and credit card reading networks, they can now continue to steal the money from your credit cards and your debit cards.
Jack: Awesome. So Craig, with Valentine’s tomorrow, David and I were wondering. Do you think we can get away with the, for our significant others, this excuse to say that on Valentine’s Day, did you get the hundred roses that the drone was gonna drop from Amazon or did the Nor’easter disrupt that coz you were supposed to get it by 10 in the morning.
Craig: Yeah, of course Jack. I think we got a great excuse this week.
Jack: I’m just kidding.
Craig: We had delays last week in delivery for Amazon because of the storm. So I think we got about a week’s worth of here.
Jack: Alright, thanks Craig. Have a good Monday.
—–
Don’t miss any episode from Craig. Visit http://CraigPeterson.com/itunes Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!
