A recent study recognized three reasons why people still fall prey to phishing scams:
lack of knowledge, visual deceptions, and inattention to detail.
They say the devil is in the details, and I'll show you why that's true in this case.
Security Signs
There are a few ways to recognize a secure connection between servers. You probably
miss them every time you visit a secure web site. Because these indicators are so
subtle, most of us still can't easily spot them.
Follow along with me here, by going to the Yahoo! Mail login page. Notice a few very
important things here:
1) The URL of the page is https://login.yahoo.com/config/login_verify2. Notice the "s" at
the end of "https." This "s" means the connection is over SSL (Secure Socket Layer),
which means the page has established a secure connection and will encrypt all the
information you enter on this page. You must always look for "https" on any site you use
to enter sensitive information. This includes login pages, online shopping sites and bank
web sites.
2) Notice the closed padlock on the lower right corner of the browser window. If you
move your mouse over it, it will say "Signed by Equifax." If you click on it, it will open a
window that gives you more details regarding the certificate. Every company that asks
you for sensitive information must have a digital certificate, preferably one from an
established certificate authority. VeriSign, Thawte, GeoTrust, and Entrust.net are just a
few of these companies. Also keep in mind that the padlock must always be on the
browser bar; any padlock within the content of the page doesn't mean a thing.
3) Yahoo! users have added security when they activate Yahoo!'s new phishing feature.
If you notice on the mail login page, users can now add an extra layer of security using
personalized sign-in seals such as their own secret message or image on their login
page. Every computer they use to login to their Yahoo! accounts will display this seal,
making it easier for them to recognize if they're on the real Yahoo! site or a fake one.
Phishers be warned!
URL Madness
You can't judge a book by its cover, and in this case, you won't be able to tell if a web
site is a fake just by looking at the web design. These smart criminals can replicate any
web site down to the last detail, and it wouldn't surprise me if they used the same web
designer to do it. Consumers have lost $630 million to email scams in the last two
years, according to Consumer Reports' State of the Net. Phishing is a big business, so
never think for a second that these criminals wouldn't spend thousands of dollars
creating sites as credible as the real thing. Sometimes their designs feel so authentic;
they even link to the real web site to boost your confidence. This is where it gets tricky,
and you must watch out for illegitimate domain names.
Here's what you should look for:
a) Misspelled domains are big deceivers. Phishers will purchase a domain name that
resembles the real domain. They will replace letters with numbers or with other letters.
Pay close attention to the spelling of a domain names, and learn to spot a fake like
www.yohoo.com or www.paypol.com.
b) Variations of domains should also be a red flag. Don't click on any email that contains
URLs like http://center.yahoo-security.net. A legitimate URL should read
http://center.yahoo.com if it actually belongs to Yahoo! Anyone could've purchased
www.yahoo-security.net for a scam (I'm just using Yahoo! as an example here).
c) An IP address looks something like 102.199.60.250. Bottom line, never trust emails
that point you to URLs that only show an IP address.
Other Tips
1) Never test web sites to see if they're legitimate or not. This means entering
passwords or personal information. These sites may install malicious software—known
as keylogger software—that records everything you type, then sends that information to
scammers.
2) Stay abreast of the latest scams: The FBI's web site has a list of all the latest scams
reported, so check it periodically.
3) If you're being urged to "verify" sensitive account information, contact the company
directly instead. Always type the web site's address in the address bar instead of
clicking links on suspicious emails.
4) PayPal never uses generic greetings in their emails. Next time you get an email from
PayPal, check the salutation, as PayPal will usually use your member name.
5) Emails from banks and credit card companies will usually include partial account
numbers. Therefore, one should always be suspicious if the message does not contain
specific personal information.
Thank you, Ron Rebolledo, for a great article.
ron@portebrown.com
www.portebrowntechnology.com
www.portebrown.com
Monday, April 27, 2009
Wednesday, April 22, 2009
Top of the Pack Certification
We announce with pride our Firm's first "Advanced ProAdvisor", a certification for QuickBooks Products. Steven Siedenberg, a CPA.CITP can now add "Advanced ProAdvisor" to his repertoire of creditials.
To become an Advanced Pro Advisor one must:
1) Three years in a row have a ProAdvisor certification.
2) Complete the in-depth courses
3) Complete the rigid exam with a score of 85% or higher
Congratulations to Steve.
To become an Advanced Pro Advisor one must:
1) Three years in a row have a ProAdvisor certification.
2) Complete the in-depth courses
3) Complete the rigid exam with a score of 85% or higher
Congratulations to Steve.
Monday, April 20, 2009
Is there Money Hiding in your Accounts Payable Department?
There may be money hiding in your accounts payable department that is available for your company to use. There are a few simple proceedures you can put into place that will help you reduce or eliminate duplicate payments as well as recover the duplicate payments you might have made. Most systems can detect duplicate entries if an invoice number is put in the exact same way but if the there is a digit change the system will not detect it. For example, 12345-IN is close, but not the exactly the same as 12345IN (the dash is missing).
Some steps to help prevent duplicate payments are:
1. Before signing a check, verify you have an original invoice for the bill you are paying.
2. Never pay from a statement. This is where the greatest chance of duplicate payments can occur because an invoice could be put in a second time.
3. A statement is a good tool to verify that the open invoices on the vendor’s books agree with the open invoices on your books. If your system and the statement do not agree, you may have check(s) that were mailed, but not received, before the statement was printed.
4. A statement is also a good tool to use to see if duplicate payments were made because they should show up as unapplied credits.
5. A statement can also be used as a tool to identify credits the vendor has give you that are not in your system because the paperwork never made it to the accounts payable department.
6. If paying an invoice where goods or services were received, verify the original packing ticket or repair order is attached to the invoice for backup.
7. If you issue purchase orders, verify the price on the purchase order is the same as the invoice.
8. If your purchasing agent negotiates a rebate, develop a way to track qualifying products to make sure you get all you are entitled to.
9. If a vendor offers 2%10 net 30 terms, not taking the discount equates to 36% APR when compounded.
10. If you make a deposit on a large purchase order, enter the deposit on the purchase order so the net amount due shows on the bottom. Compare this amount with the invoice received from the vendor.
11. If you are purchasing parts for resale or as part of the manufacturing process, you may not have to pay sales tax. Verify with your accountant what items you need to pay sales tax on or use tax if purchased out of sate.
12. Develop a standardized way to enter invoice numbers for invoices that do not have an invoice number on them or the invoice number is longer than your system allows for.
If you feel you have overpaid and do not have the staff in place to verify payments were made only once, hire an outside firm to audit your accounts payable records. Usually these firms charge a percentage of the amount they find that is recoverable.
If you have any questions or concerns, please contact Steven I. Seidenberg, CPA, CITP at 847-956-1040 or email him at sis@portebrown.com.
Thank you for your article, Steve.
www.portebrowntechnology.com
www.portebrown.com
Some steps to help prevent duplicate payments are:
1. Before signing a check, verify you have an original invoice for the bill you are paying.
2. Never pay from a statement. This is where the greatest chance of duplicate payments can occur because an invoice could be put in a second time.
3. A statement is a good tool to verify that the open invoices on the vendor’s books agree with the open invoices on your books. If your system and the statement do not agree, you may have check(s) that were mailed, but not received, before the statement was printed.
4. A statement is also a good tool to use to see if duplicate payments were made because they should show up as unapplied credits.
5. A statement can also be used as a tool to identify credits the vendor has give you that are not in your system because the paperwork never made it to the accounts payable department.
6. If paying an invoice where goods or services were received, verify the original packing ticket or repair order is attached to the invoice for backup.
7. If you issue purchase orders, verify the price on the purchase order is the same as the invoice.
8. If your purchasing agent negotiates a rebate, develop a way to track qualifying products to make sure you get all you are entitled to.
9. If a vendor offers 2%10 net 30 terms, not taking the discount equates to 36% APR when compounded.
10. If you make a deposit on a large purchase order, enter the deposit on the purchase order so the net amount due shows on the bottom. Compare this amount with the invoice received from the vendor.
11. If you are purchasing parts for resale or as part of the manufacturing process, you may not have to pay sales tax. Verify with your accountant what items you need to pay sales tax on or use tax if purchased out of sate.
12. Develop a standardized way to enter invoice numbers for invoices that do not have an invoice number on them or the invoice number is longer than your system allows for.
If you feel you have overpaid and do not have the staff in place to verify payments were made only once, hire an outside firm to audit your accounts payable records. Usually these firms charge a percentage of the amount they find that is recoverable.
If you have any questions or concerns, please contact Steven I. Seidenberg, CPA, CITP at 847-956-1040 or email him at sis@portebrown.com.
Thank you for your article, Steve.
www.portebrowntechnology.com
www.portebrown.com
Thursday, April 16, 2009
Top 10 IT Security Threats
Top 10 Security Threats
10. Spam Mail
While it's annoying, it's not a security threat unless it comes with a malicious payload. Your e-mail service
may filter out spam automatically. If not, Outlook's built-in "Junk E-Mail" filter is as effective as the spam
protection in many suites.
9. Phishing Mail
Phishing messages pretend to be from eBay, PayPal, your bank, or the like. If you log in to their fake
sites, they steal your username and password and you're sunk. However, both IE7 and Firefox 2 have
Phishing detection built in.
8. Wireless Attack
If you're not careful, anybody in range can mooch bandwidth from your wireless network and can
rummage through your files, because they're inside your network. Your router's WPA/WEP encryption can
stop the mooching—but you have to use it.
7. Hacker Attack
Hackers don't care about your puny computer enough to attack it directly. They might broadcast a
network virus or release a Trojan, but a personal attack is highly unlikely. Your security suite's firewall and
malware protection should keep you safe.
6. Web Exploits
Some Web sites include malicious code to exploit vulnerabilities in your browser or operating system. Just
visiting the site can infect or damage your system if the vulnerability hasn't been patched, so keep
Automatic Updates on.
5. Adware
Simple adware pops up ads that get in your face. More sinister adware shadows your online activity,
phones home, and tailors ads for you. Up-to-date antispyware is the solution.
4. Viruses
Viruses are insidious. They hide and use your computer to infect other computers. At some predefined
point they strike. Modern antivirus programs are quite good, but add a non-signature anti-malware
program to help with brand-new threats.
3. Spyware/Trojans
Spyware spies on everything you do and steals private information. Trojan horse programs pretend to be
useful but can turn your computer into a spam-spewing zombie. Antispyware plus non-signature antimalware
should keep out these threats.
2. Identity Theft
It's not just about your computer when they use your credit cards, divert your paycheck, and change your
vehicle registration. A full-powered security suite should block all computer-related avenues for identity
theft.
1. Social Engineering
The number one threat to your computer's security is—you! Use common sense. Don't take programs
from strangers, don't go to "iffy" Web sites, and if your security software pops up a warning, READ IT
before you click.
Thanks to Ron Rebolledo of Porte Brown Technology Solutions (www.portebrowntechnology.com) for this article.
10. Spam Mail
While it's annoying, it's not a security threat unless it comes with a malicious payload. Your e-mail service
may filter out spam automatically. If not, Outlook's built-in "Junk E-Mail" filter is as effective as the spam
protection in many suites.
9. Phishing Mail
Phishing messages pretend to be from eBay, PayPal, your bank, or the like. If you log in to their fake
sites, they steal your username and password and you're sunk. However, both IE7 and Firefox 2 have
Phishing detection built in.
8. Wireless Attack
If you're not careful, anybody in range can mooch bandwidth from your wireless network and can
rummage through your files, because they're inside your network. Your router's WPA/WEP encryption can
stop the mooching—but you have to use it.
7. Hacker Attack
Hackers don't care about your puny computer enough to attack it directly. They might broadcast a
network virus or release a Trojan, but a personal attack is highly unlikely. Your security suite's firewall and
malware protection should keep you safe.
6. Web Exploits
Some Web sites include malicious code to exploit vulnerabilities in your browser or operating system. Just
visiting the site can infect or damage your system if the vulnerability hasn't been patched, so keep
Automatic Updates on.
5. Adware
Simple adware pops up ads that get in your face. More sinister adware shadows your online activity,
phones home, and tailors ads for you. Up-to-date antispyware is the solution.
4. Viruses
Viruses are insidious. They hide and use your computer to infect other computers. At some predefined
point they strike. Modern antivirus programs are quite good, but add a non-signature anti-malware
program to help with brand-new threats.
3. Spyware/Trojans
Spyware spies on everything you do and steals private information. Trojan horse programs pretend to be
useful but can turn your computer into a spam-spewing zombie. Antispyware plus non-signature antimalware
should keep out these threats.
2. Identity Theft
It's not just about your computer when they use your credit cards, divert your paycheck, and change your
vehicle registration. A full-powered security suite should block all computer-related avenues for identity
theft.
1. Social Engineering
The number one threat to your computer's security is—you! Use common sense. Don't take programs
from strangers, don't go to "iffy" Web sites, and if your security software pops up a warning, READ IT
before you click.
Thanks to Ron Rebolledo of Porte Brown Technology Solutions (www.portebrowntechnology.com) for this article.
Monday, April 6, 2009
AICPA honorable mentions
In case you're wondering what the 5 honorable mentions are ...
For detail, visit http://infotech.aicpa.org
- Business continuity management and disaster recovery planning
- Conforming to assurance and compliance standards
- Collaboration - information portals
- Business intelligence
- Customer relationship management (CRM)
Check out my previous post for Top 10
For detail, visit http://infotech.aicpa.org
Saturday, April 4, 2009
AICPA TOP TEN
The AICPA recently came out with the top technology initiatives for 2009:
For the details and honorable mentions, please check out http://infotech.aicpa.org
- Information security management
- Privacy management
- Secure data file storage, transmission and exchange
- Business process improvement, work flow and process exception alerts
- Mobile and remote computing
- Training and competency
- Identity and access management
- Improved application and data integration
- Document, forms, content and knowledge management
- Electronic data retention strategy
For the details and honorable mentions, please check out http://infotech.aicpa.org
Saturday, March 21, 2009
americaneagle.com
americaneagle.com, www.americaneagle.com, is now working on the new Porte Brown website, www.portebrown.com.
Fishbowl Inventory Announcement
Porte Brown Technology is happy to announce the certification of our Associate, Steven Seidenberg on Fishbowl Inventory. Fishbowl is a efficient inventory add on to QuickBooks.
Thursday, March 5, 2009
Another Intuit Solution Certification
Our firm's Intuit Certifications keep piling up with the announcement of Steven Seidenberg CPA.CITP recent cerification on Intuit's Warehouse Management ES.
Wednesday, January 21, 2009
Another QuickBooks Enterprise Solutions Expert
We are most happy to announce our fourth certified professional to support our growing QuickBooks Enterprise Solutions clientele, Steven Seidenberg CPA.CITP
Subscribe to:
Posts (Atom)