Wednesday, June 7, 2017

FBI Tech Tuesday - Building a Digital Defense Against PII theft (part 1)


News Release from FBI - Oregon
Posted on FlashAlert: June 7th, 2017 12:57 PM
Downloadable file: Tech Tuesday - PII theft - RUSSIAN audio
Downloadable file: Tech Tuesday - PII Theft - RUSSIAN written
Downloadable file: Tech Tuesday - PII Theft - SPANISH audio
Downloadable file: Tech Tuesday - PII Theft - SPANISH written
Downloadable file: Tech Tuesday - PII Theft - ENGLISH audio
** Note: Due to a technical error, this did not (obviously) get sent on Tuesday. I apologize for the delay! **

In recent years, the FBI has seen an increase in the number of companies and institutions reporting the theft of Personally Identifiable Information or PII. This theft takes many forms from email phishing attacks to Point-of-Sale theft to the more advanced hacking of vulnerabilities in servers where the information is hosted. The theft of the information can happen at any time, but the effects can be felt for months or years beyond then.

This year saw a proliferation of two distinct phishing campaigns to steal PII for Tax Fraud. The first is a variation of the business email compromise scam in which a company's executive has his or her email hacked or spoofed. In a traditional business email compromise scheme, the fraudster tries to convince the victim company's finance department to make a payment to a regular vendor or send an invoice to that vendor requesting payment back. The fraudster would re-route the payment midstream and cash out.

In this case, the fraudster uses that exec's account to send emails to the company's human resources, finance or audit department. The email seemingly sent by the executive asks for employees' PII or W-2 information, allegedly for tax or audit purposes. In some cases, the fraudsters have managed to secure sensitive financial and personal information on thousands of workers.

In the second kind of PII theft scheme that we are seeing, the employee himself is a target. We will explain more about that version of the scam in next week's Tech Talk.

In the meantime, here are some helpful hints on what businesses can do to protect themselves:

* Set up two-factor verification systems to confirm the request and receipt of such sensitive information. This could be as simple as a phone call or a face-to-face meeting.

* Establish protocols for sensitive information requests ahead of time and outside of the email environment. You don't want a hacker who already has access to your system to know what your back-up security measures include.

* Ensure that sensitive PII and W-2 information is secured with encryption.

* Establish and maintain robust and strong security for your data, including firewalls, virus protection and spam filters.

For more information on email security concerns or other cyber crimes, check out the FBI's website at or the FBI's Internet Crime Complaint Center at For Tax Fraud Reporting and Information go to