Open365: open source Office 365 alternative

Open365: open source Office 365 alternative

 

Open365 is an open source Office 365 alternative that allows you to edit or create documents online, and to sync files with the cloud.

The service is in beta currently but you can sign up for it already on the official website. You may use it using a web browser, download clients for Windows, Mac or Linux desktop machines, or for Android. An iOS client is in the making currently and will be made available as well soon.

Open 365 offers two main features that you can make use of. First, it enables you to synchronize files between devices you use and the cloud.

Second, it allows you to view, edit and create documents in the cloud using the technology provided by the Open Source Office suite LibreOffice Online for that.

Open365

open365

You can sign up for the service on the official website currently but the makers plan to release repositories that you can install on servers you have control over to create a self-hosted version of Open365 that you have more control over.

When you sign up for the service you get an email address automatically assigned to you that you use to sign in to the web service and the sync clients, and for mail.

You do get 20 Gigabyte of storage as well right now which is more than what many other file synchronization services offer at the time of writing.

It is unclear however if the 20 Gigabyte are only available during the beta period.

The web service loads the “Hub” view on start automatically. It lists all libraries that you own and that are shared with you by default.

A click on a folder opens the contents directly on the web, a click on files either in one of the editors if the file format is supported, or offered for download if it is not.

The focus is on documents but support goes beyond typical document formats such as docx, xls or pptx. Open365 supports an image viewer that supports all common image formats, and a media player to play audio and video content.

Libraries or individual files can be shared or deleted online, and you may upload new files directly to the web interface using your web browser of choice.

One interesting feature is the ability to create new libraries on the Web, and here specifically the option to encrypt content so that it can only be accessed if the right password is supplied. The password is not linked to the account password.

As far as sharing is concerned, you can share files or libraries with individual users or user groups, and get full control over shared links and permissions online as well.

Document editing and creation

open365 documents

This works for the most part as you would expect it to work. You can load any Office document with a double-click on the web interface, and Open365 will load it in the associated editor.

You can read the document right away there, print it, or start to edit it. If you have used LibreOffice Online or offline before, you will feel right at home, but even if you have not, you will have little issues using Open365 to edit documents.

Open365 saves edits automatically in intervals, but you may use save options to to do manually at any time. Edited documents may be saved online or to the local device instead, and you may export them to the same document format or a different compatible format.

The loading time of documents is a bit slow online right now which means that you will have to wait a couple of seconds before it is displayed in the editor.

Open365 Sync Client

open365 sync

The sync client works for the most part as you would expect it to work. You can use drag and drop to add folders that you want to sync with the cloud, or use the built-in folder browser instead for that.

Folders are turned into libraries automatically when you add them to the sync client. You may change the name of the library and enable encryption before you hit the ok button to start the synchronization.

open365 create

Options are provided to configure the sync process and other features of the desktop client. You open the options with a right-click on the icon in the system tray.

The settings allow you to set download and upload speed limits, disable http syncing, or configure what the service should do when you remove a library from a local directory or when a library is not found on the server.

Open365 Promo Video

Closing Words

Open365 is an alternative to Office 365 and Google Docs. It is free and open source, and ships both with file sync and document viewing, editing and creation options on the Internet.

The option to install Open365 on your own server may make it interesting to users who want or need to keep full control of documents, and cannot or don’t want to use Office 365 or Google Docs because of this.


Landing Page

Posted in Blogs, OpenSource | Tagged , , | Leave a comment

How to use WhatsApp to send encrypted messages

How to use WhatsApp to send encrypted messages

If you have not tried WhatsApp Messenger, you’re missing out on encrypted, unlimited messages with images, video, and audio. Get up to speed on installing and using the app.

whatsapphero.jpg
Image: Jack Wallen

WhatsApp Messenger is an incredibly easy to use and popular mobile messaging system that is encrypted end-to-end for all users. One reason it’s popular is that the app allows users to exchange texts and media messages through their internet provider data plan or using Wi-Fi without having to pay for SMS.

The only caveat to using WhatsApp is that you can only message people who use WhatsApp. For instance, if your contacts are using Google Hangouts or their default messaging app, they won’t be able to communicate with you unless they install WhatsApp.

Here’s how to install and use WhatsApp Messenger on a Verizon-branded Nexus 6.

SEE: Tech Pro Research’s Mobile Device Policy

Installing WhatsApp Messenger

  1. Open the Google Play Store on your Android device.
  2. Search for whatsapp.
  3. Locate and tap the entry by WhatsApp Inc.
  4. Tap Install.
  5. Read the permissions listing.
  6. If the permissions listing is acceptable, tap Accept.

After the installation completes, you should see a launcher for WhatsApp Messenger in your App Drawer or on your home screen. Tap the launcher to fire up the application. The first time you use it, follow these steps.

  1. Agree to the EULA.
  2. Grant WhatsApp permission to access your contacts.
  3. Grant WhatsApp permission to access your photos, media, and files.
  4. Verify your phone number.
  5. Enter your device phone number and then tap the Send button. WhatsApp Messenger can automatically detect the verification code, so you don’t have to open your current messaging app to retrieve the digits.
  6. Grant WhatsApp permission to send and view SMS messages by tapping ALLOW when prompted. WhatsApp will finally detect the incoming verification code.
  7. Enter a name for your profile and tap NEXT.

Now you’re ready to begin using WhatsApp.

Using WhatsApp Messenger

From the main window (Figure A), tap the message icon, and all of your contacts who use WhatsApp Messenger will appear.

Figure A

Figure A
Image: Jack Wallen
The WhatsApp Messenger main window.

If you have contacts that are not using WhatsApp Messenger, tap the Contacts tab, scroll through to find the contact, and tap the INVITE button (Figure B).

Figure B

Figure B
Image: Jack Wallen
Inviting contacts to use WhatsApp Messenger.

Beyond that, using WhatsApp is as simple as using any other messaging app. You might want to check the ability to configure the media auto-download. With this feature (Menu | Settings | Data Usage), you can define what is automatically downloaded when using mobile data and when connected to Wi-Fi (Figure C).

Figure C

Figure C
Image: Jack Wallen
Defining what is downloaded by connection type.

To prevent anything from auto-downloading while using your data plan, uncheck Images for mobile data and check everything for Wi-Fi (Figure D).

Figure D

Figure D
Image: Jack Wallen
Enabling everything to auto-download when connected to Wi-Fi.

One of the best messaging apps

Give WhatsApp a try, and see if it doesn’t quickly wind up becoming your default messaging app — at least for contacts already using or willing to use it.

Posted in Cryptography, Privacy, Security | Tagged , , | Leave a comment

Petya ransomware decryption tool sets your files free

Petya ransomware decryption tool sets your files free

petya-ransomware-cracked

Successful ransomware families including CryptoWall, TeslaCrypt and Locky encrypt the data files on your hard drive and require you to pay a ransom to get the key to decrypt them.

But the Petya ransomware, which we wrote about recently, is somewhat different.

Petya leaves your files alone, but scrambles the Master File Table (MFT) of your C: drive so your computer can’t boot up Windows at all.

The bad news is, normally, the ransomware crooks do a good enough job with the cryptographic parts of the malware to make it all but impossible to break the encryption – and unless you have backups, you have little choice but to pay the ransom if you want your files back.

The good news is that you probably won’t get hit by Petya – this ransomware is pretty rare, according to SophosLabs statistics – but if you are one of the unlucky Petya victims, there’s good news for you, too.

You may not need to pay the ransom at all, because this time, the malware authors weren’t very careful and it’s possible to crack the encryption.

A researcher by the name of “Leo Stone” has figured out how to crack Petya’s encryption, and created a free online “Petya pay no ransom” tool you can use to generate the encryption key without paying.

Petya victims just need to enter some data strings from the affected disk into the online tool, and it uses an algorithm to generate the key, a process described in a GitHub post by leo-stone.

petya-pay-no-ransom-tool-720

You’ll need to attach your infected hard drive to another working computer to extract the necessary data (BleepingComputer has a step-by-step guide for the whole process).

After you enter the data in the tool, it spits out your key, which you next need to enter into the Petya ransom page on your infected computer.

How to prevent ransomware

It’s good news that Petya was relatively easy to crack, but the truth is, today’s ransomware mostly avoids this kind of mistake.

Prevention is far better than a cure, so here are some tips you can use to protect yourself against ransomware.

1. Back up your files regularly and keep a recent backup off-site.

Backups can protect your data against more than just ransomware: theft, fire, flood or accidental deletion all have the same effect. Make sure you encrypt the backed up data so only you can restore it.

2. Don’t enable macros.

A lot of ransomware is distributed in Office documents that trick you into enabling macros. Microsoft has just released a new tool in Office 2016 that can limit the functionality of macros by preventing you from enabling them on documents downloaded from the internet.

3. Consider using Microsoft Office viewers.

They allow you to see what a Word or Excel document looks like without macros. The viewers don’t support macros so you can’t enable them by mistake, either.

4. Be very careful about opening unsolicited attachments.

Most Windows ransomware in recent months has been embedded in documents distributed as email attachments.

5. Don’t give yourself more login power than necessary.

Don’t stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.

6. Patch, patch, patch.

Malware often relies on bugs in software and applications. When you apply security patches, you give the cybercriminals fewer options for infecting you with ransomware.

7. Train and retrain employees in your business.

Your users can be your weakest link if you don’t teach them how to avoid booby-trapped documents and malicious emails.

8. Segment the company network.

Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.

Learn more about how to prevent ransomware

Sophos experts have created a free guide explaining How to stay protected against ransomware.


Image of broken chain courtesy of Shutterstock.com.

Posted in Cryptography, Education, Security | Tagged | Leave a comment

The Accessories Folder in Windows 10 Is a Useful Hidden Gem

The Accessories Folder in Windows 10 Is a Useful Hidden Gem

 

http://www.makeuseof.com/tag/the-accessories-folder-in-windows-10-is-a-useful-hidden-gem/

In Windows 10, the beloved Accessories folder is a little harder to find than it was in the old days. It used to be front and center in the Start menu, always ready to provide you with access to the default Windows tools like Paint, Notepad, Run, and so on.

It’s easy to get confused and think the folder has disappeared along with some other features of older versions of Windows, but it’s still very much alive and kicking, you just need to know where to find it!

First, click the Start menu. Next, click the All Apps button the very bottom. From here, you’ll probably notice the things listed under A, and you’ll see that Accessories isn’t there. That’s because the folder is now called Windows Accessories!

screenshot_30

Scroll down to W (or click the 0-9 on the top off the screen, then select W), and you’ll see Windows Accessories listed right there. Click it, and all the tools you know and love will be there.

What are the tools in the Windows 10 Accessories folder, you ask? You’ll still find Paint, Notepad, Windows Journal, Step Counter, Wordpad, Clipping Tool, and all kinds of tools.

If getting to the Accessories folder for a tool you use frequently, don’t forget that you can pin the ones you use the most to the Start Menu (here’s how).

Posted in Microsoft, Windows 10 | Tagged , | Leave a comment

Windows 10 Tip: Remove the Built-in Apps

Thurrott.com |

Posted on February 10, 2016 by Paul Thurrott

https://www.thurrott.com/windows/windows-10/64488/windows-10-tip-remove-built-in-apps

 

Windows 10 Tip: Remove the Built-in Apps

Windows 10 prevents you from easily uninstalling some of its core built-in apps. But you don’t have to be a rocket scientist to get them off your PC. Here’s the easiest way to do so.

As you may know, you can easily uninstall some of the apps that come with Windows 10 (or, worse, bundled with your PC from the hardware maker). Just right-click them in the Start menu and choose Uninstall from the pop-up menu that appears. Seriously, who on earth needs or wants 3D Builder?

uninstall-menu

The problem, of course, is that many built-in Windows 10 apps cannot be uninstall this way. If you right-click Mail, Photos, Groove, and many other built-in apps, the Uninstall option does not appear.

nope

Fortunately, you can in fact remove any of the built-in Windows 10 apps. You just need to know the trick.

And no, it’s not by using PowerShell. I’ve seen plenty of tips out there for removing the built-in Windows 10 apps with this power-user/developer feature, but come on. That’s like using a sledgehammer to kill a fly. Instead, you can remove these apps much more easily: By using the free CCleaner utility.

To do so, just navigate to Tools, Uninstall in CCleaner and choose the app(s) you wish to uninstall.

ccleaner

The nice thing about this process is that (with the one exception noted below), you can always reinstall any uninstalled app from the Windows Store. So this tip is useful for those who are experiencing an app issue and simply want to reinstall the app as well.

Just one word of warning: Do NOT uninstall the Store app. If you do, the only easy way to get it back is to reinstall Windows 10 over itself. Or, yes, you could use … sigh … PowerShell. :

 

Posted in Microsoft, Windows 10 | Tagged , | Leave a comment

Restoring files from Windows 10’s File History

The File History tool in Windows 10 lets you restore your files if they’re corrupted or inadvertently deleted. Here’s the most straightforward way to handle the task.

http://www.techrepublic.com/article/restoring-files-from-windows-10s-file-history/?tag=nl.e064&s_cid=e064&ttag=e064&ftag=TREe331754
hero
Image: iStockphoto.com/bernie_photo

In my last article, I showed you how to enable and configure File History from the new Windows 10 user interface and how to create a backup. As I explained, once your initial backup is complete, File History will monitor all the files and folders you chose and back up any files you change.

Of course, the ultimate goal of File History is to be able to restore files that have been corrupted or inadvertently deleted. There are three places that you can begin a restore operation in Windows 10; however, they all perform the same basic operation. For the sake of expediency, I’ll cover only one of them in detail, since it is the easiest to find and makes the most sense. Let’s take a closer look.

Initiating a restore operation

You can launch a File History restore operation by accessing a file’s Properties page and using the controls on the Previous Versions tab. Alternatively, you can launch the File History tool and navigate to the Restore command at the bottom of the Backup Options page. But neither of these methods is as intuitive as launching the restore operation from within File Explorer, so that’s the approach we’ll take.

To get started, select the Home tab and go to the Open section. There you’ll see the History button, shown in Figure A. When you click this button, File History will launch in restore mode.

Figure A

Figure AFigure A
You can launch a restore operation from within File Explorer.

Restoring versions of a file

Let’s say you edited a file but now want to revert to a version before you made the changes. To perform this type of a restore operation, select the file in File Explorer and then click the History button. File History will open the most recent backup copy of the file in a preview mode, as shown in Figure B.

Figure B

Figure BFigure B
Clicking History opens a preview of the selected file.

At the top of this window is the Address bar, which displays the path and name of the file. Directly below the Address bar, you’ll see information about the most recent version of the File History backup. In this case, the backup of this file is from December 10, 2015, at 7:37 PM and it’s version 4 of 4. To the left is the outline of the previous version. You can scroll through all the available versions by using the Previous and Next buttons at the bottom of the screen.

As you do, you can scan through the various versions of the file’s contents in the preview window. Once you locate the version you want to restore, just click the green Restore button. File History will then prompt you for the next step, as shown in Figure C.

Figure C

Figure CFigure C
The Replace Or Skip Files dialog offers these options.

The default choice is Replace The File In The Destination. If you want to double-check before proceeding, select Compare Info For Both Files. This will open a File Conflict dialog like the one shown in Figure D. You can select both files, which will append a number to the copied file’s name, then decide later which one you want to keep.

Figure D

Figure DFigure D
The File Conflict dialog will allow you to keep both files.

If you click Skip This File, File History will automatically restore the next file. This seems like an odd behavior and might just be a bug that slipped through. Even so, if it turns out that isn’t the version that you want, you can always repeat the restore operation, as the file is still a part of the backup. In other words, you can restore a version of a file multiple times if you want or need to.

You’ll also notice the cog icon in the upper-right corner of the window. Clicking the icon and choosing Restore To will open the Restore To dialog. Here you can select another location on your hard disk to restore the file, as shown in Figure E. This option also allows you to have two versions of the file so you can decide later which one to keep.

Figure E

Figure EFigure E
You can restore the file to another location on your hard disk.

Regardless of which restore options you choose, you’ll see a copy operation progress dialog box complete with a graph. When the operation is complete, the folder containing the restored file will open.

Restoring individual files

Another situation where you might want to perform a restore operation from File History is when an individual file, or group of files, has been accidentally deleted. Or maybe you intentionally deleted the file and now wish you hadn’t.

To restore a deleted file, open the folder where the file used to be and click the History button. File History will display all the files contained in the most recent backup of that folder, as shown in Figure F. You can then use the Previous button to locate the file.

Figure F

Figure FFigure F
When restoring a deleted file, select the folder where the file used to be. File History will show you all the files contained in the most recent backup of that folder.

Once you locate the file you want to restore, select it and click the green Restore button. File History will display a copy operation progress dialog box and restore the deleted file. Again, when the operation is complete, the folder containing the restored file will open.

The operation is the same for restoring a deleted folder.

Restoring after a hard disk crash

If you have a major hard disk failure, you can use File History to restore the most recent versions of all your files. Once you have Windows 10 installed on your new hard disk, reconnect your external hard disk and launch File History.

To do so, access Settings from the Start menu or from the Action Center, select the Upgrade & Security tile in the Settings window, and select the Backup tab. On the Back Up Using File History page, click the Add A Drive button. Windows 10 will then search for and prompt you to select a drive. When you select the drive containing your backup, File History will recognize that it already contains a set of files. You can begin the restore operation using the steps I explained above for restoring individual files and folders.

About Greg Shultz

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

Posted in Windows 10 | Tagged , , | Leave a comment

Don’t Be a Victim of Tax Refund Fraud in ’16

KrebsonSecurity

Don’t Be a Victim of Tax Refund Fraud in ’16

https://krebsonsecurity.com/2015/12/dont-be-a-victim-of-tax-refund-fraud-in-16/

December 14 2015

With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect you and your family.

The Growing Tax Fraud MenaceThe good news is that the states and Uncle Sam have got a whole new bag of technological tricks up their sleeves this coming tax season. The bad news is ID thieves are already testing those defenses, and will be working against a financially strapped federal agency that’s been forced to cede much of its ability to investigate and prosecute such crimes.

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

By all accounts, the IRS has improved at blocking phony refund requests. The agency estimates it prevented $24.2 billion in fraudulent identity theft refunds in 2013. Trouble is, it actually paid out some $5.8 billion in fraudulent refunds that year that it later determined were bogus, and experts say that is only the fraud the agency knows about, and the true number is likely much higher annually.

Perhaps in response to the IRS’s increasing ability to separate phony returns from legitimate ones, crooks last year massively focused on filing bogus refund requests with the 50 U.S states. To head off a recurrence of that trend in the 2016 filing season, the states and the IRS have hammered out an agreement to examine more than 20 new data elements collected by online providers like TurboTax and H&R Block.

Those new data elements include checking for the repetitive use of the same Internet address to rapidly file multiple returns, and reviewing computer device information (browser user agent string, cookies e.g.) tied to the return’s origin. Another check involves measuring the time it takes to file a return; fraudsters involved in tax refund fraud tend to breeze through returns in just a few minutes because they are generally copying and pasting information into the tax forms, or relying on an automated program to do it for them.

The hope is that the these new checks will let investigators more accurately flag suspicious refund requests processed by tax preparation firms, which also have agreed to beef up lax security around customer accounts. Under the agreement, online providers will enforce:

  • new password standards to include a minimum of eight characters, with upper, lowercase, alphanumerical and special characters;
  • a lock-out feature that blocks users with too many unsuccessful login attempts;
  • the addition of three security questions;
  • some sort of out-of-band verification for email addresses — sending an email or text to the customer with a personal identification number (PIN).

Julie Magee, Alabama’s chief tax administrator, said the state/IRS task force opted not to disclose all 20 of the data elements they will be collecting from tax prep firms.

“The thieves are going to figure these out on their own, and they’re already testing our defenses,” Magee told KrebsOnSecurity. “We don’t want to do anything to make that easier for them.”

ANALYSIS

Whether or not we see an increase in tax refund fraud next year, one thing seems certain: the IRS will prosecute far fewer of the crooks involved. Congress has persistently underfunded the IRS, and budget cuts have pushed prosecutions of identity thieves to a new low. According to the IRS’s 2015 Annual Report, IRS identity theft criminal investigations are down almost 50 percent since 2013.

irs-idtheftprosecutions13-15

Tax fraudsters were so aggressive last year that they actually figured out how to steal consumer identities directly from the agency itself. In August 2015, the IRS disclosed that crooks abused the “Get Transcript” feature on its Web site to steal Social Security numbers and information from previous years’ tax filings on more than 334,000 Americans.

The IRS has responded to the problem of tax ID theft partly by offering Identity Protection PINs (IP PINs) to affected taxpayers that must be supplied on the following year’s tax application before the IRS will accept the return. However, consumers still have to request an IP PIN by applying for one at the agency’s site, or by mailing in form 14039 (PDF).

Incredibly, the process that thieves abused to steal tax transcripts from 334,000 taxpayers this year from the IRS’s site also works to fraudulently obtain a consumer’s IP PIN. In fact, the following redacted screen shot from a notorious cybercrime forum shows a seasoned tax fraudster teaching would-be scammers how to use the IRS’s site to obtain a victim’s IP PIN.

ippin

Both the Get Transcript and the process to retrieve an IP PIN from the IRS’s site are vulnerable because they rely on the applicant supplying static information that is trivial for thieves to obtain, including the taxpayer’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four so-called “knowledge-based authentication” (KBA) questions.

These KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing, but much of the data is readily available via free online social networking and consumer tracking services like Spokeo.

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators.

My guess is that a huge chunk of 334,000 victimized via the IRS’s site this year probably will not request the IP PIN and will in fact have fraudulent tax returns filed with their info — whether they request the IP PIN and it is stolen or not. The IRS should just issue the IP PINs to affected taxpayers, instead of asking victims to do it themselves.

Incidentally, the IRS’s Twitter account is still promoting the online Get Transcript capability, even though it no longer offers the service online. For now, the only way to obtain a transcript is via snail mail.

IRS's Twitter account urging followers to use a service that hasn't been available for months.

DON’T BE THE NEXT VICTIM

In notifying 334,000 taxpayers affected by its Get Transcript debacle, the IRS predictably offered victims free credit monitoring services from Equifax. The IRS makes no mention of a more effective way to block ID thieves: Placing a “security freeze” on one’s credit files with the major credit bureaus. See this tutorial about why freezes are more effective than credit monitoring in blocking ID thieves from assuming your identity to open up new lines of credit.

While it’s true that having a security freeze on your credit file won’t stop thieves from committing tax refund fraud in your name, it would stop them from fraudulently obtaining your IP PIN. Also, anyone who has a freeze in place will need to temporarily lift that freeze to take advantage of any credit monitoring services (in this case, the consumer would need to briefly thaw a freeze at Equifax).

-File before the fraudsters do it for you – Your primary defense against becoming the next victim is to file your taxes at the state and federal level as quickly as possible after the 2016 Tax Filing Season begins — which is usually the second or third week in January. Remember, it doesn’t matter whether or not the IRS owes you money: Thieves can still try to impersonate you and claim that they do, leaving you to sort out the mess with the IRS later.

-Get on a schedule to request a free copy of your credit report. By law, consumers are entitled to a free copy of their report from each of the major bureaus once a year. Put it on your calendar to request a copy of your file every three to four months, each time from a different credit bureau. Dispute any unauthorized or suspicious activity. This is where credit monitoring services are useful: Part of their service is to help you sort this out with the credit bureaus, so if you’re signed up for credit monitoring make them do the hard work for you.

Monitor, then freeze. Take advantage of any free credit monitoring available to you, and then freeze your credit file with the four major bureaus. Instructions for doing that are here.

-File form 14039 and request an IP PIN from the government. This form requires consumers to state they believe they’re likely to be victims of identity fraud. Even if thieves haven’t tried to file your taxes for you yet, virtually all Americans have been touched by incidents that could lead to ID theft — even if we just look at breaches announced in the past year alone.

FIGHT BACK

Thieves involved in tax return fraud may be laughing all the way to the bank, but that doesn’t mean we have to suck it up and take it: Exercise your rights to obtain a copy of the phony return, and you may just help put crooks in jail.

If you become of the victim of tax fraud and are motivated to learn who helped to defraud you and Uncle Sam, you can file form 4506 (plus a $50 fee) to get a copy of the return. That information can be shared with your local police, who may be able to use to track down people who help launder the proceeds from tax refund fraud.

Earlier this year, I wrote about Isha Sesay, a Pennsylvania woman who was arrested for receiving phony IRS refunds on behalf of at least two tax fraud victims. Among Sesay’s victims was resident Mike Kasper, whose request for the filing led to Sesay’s arrest. Kasper’s hard work helped expose the IRS’s pervasive authentication weaknesses and later testified to Congress about his ordeal. Sesay is currently scheduled to plead guilty (PDF) to the charges on Dec. 18.

Turns out, Kasper’s sleuthing was key to Sesay’s prosecution. When he found out he’d been victimized, Kasper requested the copy of returns that fraudsters filed in his name, but he did so before filing form 14039 to request an IP PIN.  Had he done it in the opposite order, the IRS would have redacted all of Ms. Sesay personal and financial information.

Poughkeepsie, NY victim Michael Kasper testifying before the Senate Homeland Security Committee in June 2015.

In testimony before the Senate this year, IRS Commissioner John Koskinen explained the reasoning behind that decision: A fraudulent return could include the personal information of other people. The end result is that it is better to file from 4506 and pay $50 to request a photocopy of the fraudulent return before you file form 14039 to formally report the fraud.

“There is a section 6103 of the US code that imposes stiff criminal penalties for sharing tax return information  and the IRS’s tortured view of reality interprets this law, which is intended to protect personal information, so that once you report fraud and they know some information on the return might not be yours, they believe it is against the law for them to ever share that information with you,” Kasper said.

“As a result, when they recently created the process above for victims to get a copy of the fraudulent tax returns filed in their name, the IRS decided they need to redact any personal info that could possibly belong to a criminal,” Kasper continued. “They do everything they can to protect the privacy of the criminal who already violated your privacy. You actually lose all of your rights once you report the crime so it’s better to wait.”

 

 

Posted in Blogs, Privacy, Security, Uncategorized | Tagged | Leave a comment