Security Best Practices for 2024
For years I've felt good from a security perspective with my password manager, email locked down, credit is locked, 2FA is set up when possible. But with an increasing number of data breaches and SIM swaps happening, I'm planning to take some time to increase my security for numerous accounts.
What would you recommend for a "cybersecurity self-audit" of sorts, lock things down further and check if my SS# and other personal info is on the "dark web"?
Re: Security Best Practices for 2024
[quoted post and reply removed by admin LadyGeek]
I work on cyber security and I'll offer some helpful things I've been stressing with family, friends, and business over the last year or so, in no particular order. Maybe you know them maybe you don't.
1. Set up alerts for all transactions on all your cards and bank accounts. It can be a bit annoying but if a fraudulent transaction happens you'll know quickly and can act.
2. Use a password manager with a solid 4 word passphrase generating long passwords with special characters.
3. Do not ever give out any financial information of any sort on a phone call you receive. Yes even if it's your mother on the other line. Voice deep fakes are getting crazy good. Hang up and call a trusted number, either the number you have in your contacts or on the company website.
4. You probably already have credit alerts on, but make sure you do with all three bureaus.
5. The "online data scrubbing" services seem to me to be pretty scam adjacent themselves. I wouldn't bother with them.
6. Use an authenticator app where possible over text/email 2FA.
7. Your SSN probably is leaked and there's probably not much you can do about it beyond freezing your credit and setting up 2FA on all three bureaus.
That's what's off the top of my head.
41% VTSAX, 35% VTIAX, 4% VSIAX, 20% VSIGX. 80/20 S/B, 57/43 US/INT, 10% of US holdings allocated to small-cap value. All bonds are US treasuries.
Re: Security Best Practices for 2024
> cvoege wrote: ↑Sun Sep 01, 2024 9:15 pm
> [quoted post and reply removed by admin LadyGeek]
> I work on cyber security and I'll offer some helpful things I've been stressing with family, friends, and business over the last year or so, in no particular order. Maybe you know them maybe you don't.
> 1. Set up alerts for all transactions on all your cards and bank accounts. It can be a bit annoying but if a fraudulent transaction happens you'll know quickly and can act.
> 2. Use a password manager with a solid 4 word passphrase generating long passwords with special characters.
> 3. Do not ever give out any financial information of any sort on a phone call you receive. Yes even if it's your mother on the other line. Voice deep fakes are getting crazy good. Hang up and call a trusted number, either the number you have in your contacts or on the company website.
> 4. You probably already have credit alerts on, but make sure you do with all three bureaus.
> 5. The "online data scrubbing" services seem to me to be pretty scam adjacent themselves. I wouldn't bother with them.
> 6. Use an authenticator app where possible over text/email 2FA.
> 7. Your SSN probably is leaked and there's probably not much you can do about it beyond freezing your credit and setting up 2FA on all three bureaus.
> That's what's off the top of my head.
You just made my case. Everything stated gets rehashed on a daily basis.
Re: Security Best Practices for 2024
> cvoege wrote: ↑Sun Sep 01, 2024 9:15 pm
> [quoted post and reply removed by admin LadyGeek]
> 1. Set up alerts for all transactions on all your cards and bank accounts. It can be a bit annoying but if a fraudulent transaction happens you'll know quickly and can act.
> 2. Use a password manager with a solid 4 word passphrase generating long passwords with special characters.
> 3. Do not ever give out any financial information of any sort on a phone call you receive. Yes even if it's your mother on the other line. Voice deep fakes are getting crazy good. Hang up and call a trusted number, either the number you have in your contacts or on the company website.
> 4. You probably already have credit alerts on, but make sure you do with all three bureaus.
> 5. The "online data scrubbing" services seem to me to be pretty scam adjacent themselves. I wouldn't bother with them.
> 6. Use an authenticator app where possible over text/email 2FA.
> 7. Your SSN probably is leaked and there's probably not much you can do about it beyond freezing your credit and setting up 2FA on all three bureaus.
> That's what's off the top of my head.
That's a good list. Other things to add.
- Make sure you do not reuse passwords. This is easily done by using a password manager.
- If the site has security questions, see if you can fill them with randomly generated strings and store them in the password manager. Many of these are an avenue for bypass. The worst type of question is "What is your mom's maiden name?"
- Call up your wireless phone provider and add a PIN to your SIM. This may not completely secure the SIM though since there have been cases where the service provider is tricked into bypassing the PIN, but the PIN will help.
- As cvoege already pointed out, a common scam is to call you up and use pressure tactics to get your information. For example, I have gotten a few calls from the "fraud" department asking for info often telling me that there is a fraud in progress pressuring you to do something right away. Hang up and call up your firm's main number and ask to be transferred to the fraud department.
- It may be a good idea to turn off the voice print. I feel that this technology doesn't actually increase security. If you fail voice print, you have to talk to a human operator. The voice print is just a way to avoid talking to an operator. Though I have yet to hear of a case where someone used AI voice print to bypass security, the possibility of this happening may not be far off. This is especially true if you are a public speaker and your voice can easily be acquired.
- Scams don't have to be high tech. My mom constantly gets forms that look like they came from her state requesting info, but are not actual forms. This goes for any form that may ask for info due to unclaimed properties.
Re: Security Best Practices for 2024
> gavinsiu wrote: ↑Sun Sep 01, 2024 11:39 pm
> Since SSN is stolen a lot these days, I wonder if there are ways to prevent stolen identity refund scams where someone would pose as you and file a tax return early to steal the refund. Not having a refund would be one protection, but I wonder if there are other ways. For example, I notice that each time I file electronically, I can set up a PIN for next year.
Yes, there are other ways. The one you set up yourself each year when e-filing is a self-select PIN that can be used to confirm your identity if your prior year AGI is not known the next time you file.
But there is also the more secure identity protection PIN which prevents filing at all without it. The IRS provides you a new one each year (you don't select it). You need to opt in to receive one, and I don't believe that it's possible to opt out after enrolling.
https://www.irs.gov/identity-theft-frau ... ection-pin
Re: Security Best Practices for 2024
I removed an off-topic post. As a reminder, see: General Etiquette
We expect this forum to be a place where people can feel comfortable asking questions and where debates and discussions are conducted in civil tones.
Re: Security Best Practices for 2024
We have one credit card that is used for 95% of CC and Apple Pay transactions. The other cards are locked. ATM card locked as well since it is rarely used.
When you discover that you are riding a dead horse, the best strategy is to dismount.
BACKUPS
For Windows
Plug in a USB hard drive. I use a 1 TB drive
Copy important folders to the drive
Put the drive in a safe deposit box.
I have 5 or 6 drives; some are in a safe deposit box; some are secured locally.
Bottom line: Multiple Backups!
Re: Security Best Practices for 2024
> nps wrote: ↑Mon Sep 02, 2024 5:36 am
> Yes, there are other ways. The one you set up yourself each year when e-filing is a self-select PIN that can be used to confirm your identity if your prior year AGI is not known the next time you file.
> But there is also the more secure identity protection PIN which prevents filing at all without it. The IRS provides you a new one each year (you don't select it). You need to opt in to receive one, and I don't believe that it's possible to opt out after enrolling.
> https://www.irs.gov/identity-theft-frau ... ection-pin
Thanks, that's what I do now, but what prevents an attacker from filing a Paper return to counter that?
Re: Security Best Practices for 2024
> gavinsiu wrote: ↑Mon Sep 02, 2024 7:30 am
> > nps wrote: ↑Mon Sep 02, 2024 5:36 am
> > Yes, there are other ways. The one you set up yourself each year when e-filing is a self-select PIN that can be used to confirm your identity if your prior year AGI is not known the next time you file.
> > But there is also the more secure identity protection PIN which prevents filing at all without it. The IRS provides you a new one each year (you don't select it). You need to opt in to receive one, and I don't believe that it's possible to opt out after enrolling.
> > https://www.irs.gov/identity-theft-frau ... ection-pin
> Thanks, that's what I do now, but what prevents an attacker from filing a Paper return to counter that?
It will get held without the IP PIN.
Re: Security Best Practices for 2024
I don't know. I don't do paper returns unless the IRS requires it; none of my clients have needed it.
Re: Security Best Practices for 2024
According to the IRS:
"If you file your return without your IRS-assigned IP PIN:
We'll reject your electronic return, and you won't be able to e-file.
We'll subject your paper return to additional screenings to validate your identity, delaying any refund you may be due."
Re: Security Best Practices for 2024
> gavinsiu wrote: ↑Mon Sep 02, 2024 7:30 am
> > nps wrote: ↑Mon Sep 02, 2024 5:36 am
> > Yes, there are other ways. The one you set up yourself each year when e-filing is a self-select PIN that can be used to confirm your identity if your prior year AGI is not known the next time you file.
> > But there is also the more secure identity protection PIN which prevents filing at all without it. The IRS provides you a new one each year (you don't select it). You need to opt in to receive one, and I don't believe that it's possible to opt out after enrolling.
> > https://www.irs.gov/identity-theft-frau ... ection-pin
> Thanks, that's what I do now, but what prevents an attacker from filing a Paper return to counter that?
To counter the self-select PIN? Nothing. That's the reason to use the IP PIN.
- SmileyFace
- Posts: 10001
- Joined: Wed Feb 19, 2014 9:11 am
Re: Security Best Practices for 2024
> JayB wrote: ↑Mon Sep 02, 2024 7:48 am
> According to the IRS:
> "If you file your return without your IRS-assigned IP PIN:
> We'll reject your electronic return, and you won't be able to e-file.
> We'll subject your paper return to additional screenings to validate your identity, delaying any refund you may be due."
If you file with TurboTax and start with last year's return it carries the PIN forward and auto fills it when filing. It shows it on the screen but if someone is clicking thru quickly they may not realize they are filing with a PIN.
Re: Security Best Practices for 2024
Title fraud remains a problem. A growing number of County Recorders across the US are offering free property fraud alerts. Typically, you simply register your property index or address with your email address. If anything (e.g. title, lien, etc) is filed against your property you'll be notified by email. This allows you to report and stop it ASAP.
To check your county, simply do an internet search on
[Name of your county] property fraud
Re: Security Best Practices for 2024
The thread is doing a nice job covering a lot of the technical stuff to do to protect yourself in 2024.
I'll come at this with 2 very different suggestions, both of which I believe help.
First, think about who the weak links are in your personal ecosystem. Is your spouse properly secured? Your kids? Your parents? Do you have an aunt or uncle that can wreak havoc in some odd way? Help them too. Whatever you do for yourself, help them with those same things too. They probably need the help and might already be worried about it, they just don't know how to channel that worry.
Second, I would advise in writing reaching out to your key financial institutions and asking them for written guidance of what to do. Ask "your gal/your guy" at your FI, or the contact you have at the bank, or whatever, "I am very worried about security threats against my account, including <thing you're worried about> in particular, what does your firm recommend I do to protect myself?"
Take their list and make sure to do everything on it. And I would ask this every year or two.
I suggest this because this way if something terrible does happen (and I hope it never does!) you can ask them to make you whole because you did follow all of their guidance. It's a liability thing.
For good measure, express displeasure (but only a pinch) there is not more you can do, and ask them to invest more energy into making this great. Or maybe it's just me who does this.
Good luck!
Re: Security Best Practices for 2024
But a lot of this is rehash from years ago, what's new for 2024 that we can employ to help secure our financial info? I'm always looking for better security even if it's less convenient. Is Windows 11 more secure than 10? I still don't really know and I consider myself it'ish. Seems like browser password managers are better than 5 years ago but is it better than a dedicated PW manager? Android has a SIM lock now, but I still don't understand exactly what that is.
Re: Security Best Practices for 2024
Lots of great suggestions, but here is something that is a potential weak link... password resets.
Imagine that you (or someone pretending to be you) wants to reset your password at any of your critical sites (banking, investing etc)... how would they do that? What information would they need?
Re: Security Best Practices for 2024
> mptfan wrote: ↑Mon Sep 02, 2024 12:22 pm
> Lots of great suggestions, but here is something that is a potential weak link... password resets.
> Imagine that you (or someone pretending to be you) wants to reset your password at any of your critical sites (banking, investing etc)... how would they do that? What information would they need?
My friend had to reset his 2fa and password at id.me, he said he had to send them a pic of his id, or license, front and back. Apparently it was painless, which I'm not sure if that's good.
Re: Security Best Practices for 2024
> mptfan wrote: ↑Mon Sep 02, 2024 12:22 pm
> Lots of great suggestions, but here is something that is a potential weak link... password resets.
> Imagine that you (or someone pretending to be you) wants to reset your password at any of your critical sites (banking, investing etc)... how would they do that? What information would they need?
Password resets almost always send you an email. Thus your email is the primary central point of failure you'll have. Make sure it has an extremely strong password.
Re: Security Best Practices for 2024
> evestor wrote: ↑Mon Sep 02, 2024 11:50 am
> The thread is doing a nice job covering a lot of the technical stuff to do to protect yourself in 2024.
> I'll come at this with 2 very different suggestions, both of which I believe help.
> First, think about who the weak links are in your personal ecosystem. Is your spouse properly secured? Your kids? Your parents? Do you have an aunt or uncle that can wreak havoc in some odd way? Help them too. Whatever you do for yourself, help them with those same things too. They probably need the help and might already be worried about it, they just don't know how to channel that worry.
> Second, I would advise in writing reaching out to your key financial institutions and asking them for written guidance of what to do. Ask "your gal/your guy" at your FI, or the contact you have at the bank, or whatever, "I am very worried about security threats against my account, including <thing you're worried about> in particular, what does your firm recommend I do to protect myself?"
> Take their list and make sure to do everything on it. And I would ask this every year or two.
> I suggest this because this way if something terrible does happen (and I hope it never does!) you can ask them to make you whole because you did follow all of their guidance. It's a liability thing.
> For good measure, express displeasure (but only a pinch) there is not more you can do, and ask them to invest more energy into making this great. Or maybe it's just me who does this.
> Good luck!
I have tried doing this in the past. For years I contacted Vanguard telling them that they should remove the SMS fallback since hackers will just attack the SMS. Most reps frustratingly have no idea what I am talking about and then escalate into nothingness.
I raised a similar issue with Fidelity a while back about the possibility of voice software getting good enough to replicate a person's voice to hack voice print. Their response is that Voice Print is foolproof.
Re: Security Best Practices for 2024
> ThankYouJack wrote: ↑Sun Sep 01, 2024 7:56 pm
> For years I've felt good from a security perspective with my password manager, email locked down, credit is locked, 2FA is set up when possible. But with an increasing number of data breaches and SIM swaps happening, I'm planning to take some time to increase my security for numerous accounts.
> What would you recommend for a "cybersecurity self-audit" of sorts, lock things down further and check if my SS# and other personal info is on the "dark web"?
From the technical perspective:
use Linux
use a VPN
use a dedicated password manager, not your browser. Linux's native password manager is called pass
Re: Security Best Practices for 2024
Linux is not really more secure than Windows or MacOS. However malware targeting specific OS will probably go with the one with the highest market share.
VPN does not protect you from being hacked. It only blocks your ISP from seeing your traffic.
A dedicated password manager in my opinion is better than the one from a browser, but many of the browsers have made good progress.
Re: Security Best Practices for 2024
Presumably this question is being asked to reduce the chance of a bad actor defrauding or otherwise gaining access to your accounts and running off with your money. Many things you say you are already doing but I didn't see my #1 on your list:
Stop answering the phone for anyone not already in your personal contacts!
Re: Security Best Practices for 2024
> gavinsiu wrote: ↑Mon Sep 02, 2024 10:03 pm
> Linux is not really more secure than Windows or MacOS. However malware targeting specific OS will probably go with the one with the highest market share.
> VPN does not protect you from being hacked. It only blocks your ISP from seeing your traffic.
> A dedicated password manager in my opinion is better than the one from a browser, but many of the browsers have made good progress.
Agreed. Operating system security is hard to cover in depth here, but in general, if you were ultra-paranoid, higher net-worth, and don't like mucking around with computers much I would recommend having a dedicated up-to-date iPad you only use to manage financial accounts. Keep all the passwords on the iPad in a password management app with some secured backups in a safe deposit box & elsewhere. iOS is much harder to attack than a standard desktop for almost every user for many reasons beyond the scope of this forum, and as a bonus it's quite easy to learn.
Again, that's only if you're quite paranoid as that setup costs some money.
https://www.privacyguides.org/en/ is worth reading through if you're a technical user and you want advice on software, operating system settings, web service recommendations, and so on. Focused on privacy but many of the recommendations are good for security as well.
Re: Security Best Practices for 2024
Thanks all. Great suggestions, I'll start going through some of them that I haven't already implemented.
Re: Security Best Practices for 2024
As a seasoned 30 year Linux user I disagree.
Emotionless, prognostication free investing. Ignoring the noise and economists since 1979. Getting rich off of "smart people's" behavioral mistakes.
Re: Security Best Practices for 2024
I used a Linux machine as a daily driver, too. I started out with Slackware back in the 90's. If we return to the Windows XP days, this was definitely the case. Over the years, Windows OS has gotten better. Hacks and attacks are now relatively rare because, due to hacks, the OS is more hardened and exploits are quickly patched. Linux desktops in general are in the single digits in percentage, so malware targeting it is going to be low. On the flip side, Linux shows up on tons of servers, so there may be malware targeting them.
The important thing is to be vigilant. Just because your OS is more secure does not mean you can relax and there will be no hacks. Phishing and other attacks are not dependent on OS.
Re: Security Best Practices for 2024
> SmileyFace wrote: ↑Mon Sep 02, 2024 8:04 am
> If you file with TurboTax and start with last year's return it carries the PIN forward and auto fills it when filing. It shows it on the screen but if someone is clicking thru quickly they may not realize they are filing with a PIN.
Be very careful with that. The PIN that TurboTax carries forward is the "electronic signing PIN" not the IRS IP PIN. You need to get a new one each year.
- SmileyFace
- Posts: 10001
- Joined: Wed Feb 19, 2014 9:11 am
Re: Security Best Practices for 2024
> mapleosb wrote: ↑Tue Sep 03, 2024 8:30 am
> > SmileyFace wrote: ↑Mon Sep 02, 2024 8:04 am
> > If you file with TurboTax and start with last year's return it carries the PIN forward and auto fills it when filing. It shows it on the screen but if someone is clicking thru quickly they may not realize they are filing with a PIN.
> Be very careful with that. The PIN that TurboTax carries forward is the "electronic signing PIN" not the IRS IP PIN. You need to get a new one each year.
Okay - I clearly don't understand the difference.
I also don't understand what a prior poster was stating either then. The statement was you won't be able to file electronically without an "IRS IP PIN" and yet I filed 4 tax returns this year with only an "electronic signing pin" only.
The quoted below IRS statement is false if these PINs are different since I, and 3 other people I filed for, only have the electronic PIN.
> JayB wrote: ↑Mon Sep 02, 2024 7:48 am
> According to the IRS:
> "If you file your return without your IRS-assigned IP PIN:
> We'll reject your electronic return, and you won't be able to e-file.
> We'll subject your paper return to additional screenings to validate your identity, delaying any refund you may be due."
Or maybe this means if you have such a PIN - you better use it. (If you don't have one - you will be okay but maybe more prone to fraud)
Re: Security Best Practices for 2024
Hmm.. I use HR Block and thought that the PIN was the IRS pin. Is that different for HR Block, too? How do I verify that it is the IRS PIN?
Re: Security Best Practices for 2024
> SmileyFace wrote: ↑Tue Sep 03, 2024 9:04 am
> Or maybe this means if you have such a PIN - you better use it. (If you don't have one - you will be okay but maybe more prone to fraud)
OK, I see what is happening, I think.
Yes, you can file electronically just using an electronic signature PIN, i.e., in TurboTax. BUT, so can everyone else. For security, you can request an IRS IP PIN so that no one else can file a return on you without that PIN. However, once you file using an IRS IP PIN, you MUST use one every year thereafter or you cannot file electronically, just by paper.
Clear as mud? Hope that helps
Re: Security Best Practices for 2024
On HR Block (desktop software, at least) the 6 digit IRS issued IP Pin is on the Federal --> Misc tab. The efiling 5 digit self-selected PIN is entered on the File --> Electronic Filing --> Sign your federal return tab.
Re: Security Best Practices for 2024
So I attempted to view the PIN on my online IRS account. However, I am told that I recently requested a PIN and it will not be available for at least 72 hours. I had submitted my extension return a few days ago, so that is probably why the PIN isn't available. Once I have it, I can compare it to the one entered on my HR block.
- SmileyFace
- Posts: 10001
- Joined: Wed Feb 19, 2014 9:11 am
Re: Security Best Practices for 2024
> mapleosb wrote: ↑Tue Sep 03, 2024 10:28 am
> > SmileyFace wrote: ↑Tue Sep 03, 2024 9:04 am
> > Or maybe this means if you have such a PIN - you better use it. (If you don't have one - you will be okay but maybe more prone to fraud)
> OK, I see what is happening, I think.
> Yes, you can file electronically just using an electronic signature PIN, i.e., in TurboTax. BUT, so can everyone else. For security, you can request an IRS IP PIN so that no one else can file a return on you without that PIN. However, once you file using an IRS IP PIN, you MUST use one every year thereafter or you cannot file electronically, just by paper.
> Clear as mud? Hope that helps
Clear now. Thanks. I see the IRS IP PIN also changes every year. I did not read far enough to know if MFJ filers use 2 PINs or 1.
Seems like it is the same as with many things security related - it might help security wise but will add complexity and potentially other issues.
Re: Security Best Practices for 2024
> mark_in_denver wrote: ↑Mon Sep 02, 2024 12:18 pm
> Is Windows 11 more secure than 10? I still don't really know and I consider myself it'ish.
Lots of info here: Windows 11 Security Book. I find it to be an interesting read but it may bore you to tears.
> gavinsiu wrote: ↑Mon Sep 02, 2024 10:03 pm
> Linux is not really more secure than Windows or MacOS. However malware targeting specific OS will probably go with the one with the highest market share.
> VPN does not protect you from being hacked. It only blocks your ISP from seeing your traffic.
> A dedicated password manager in my opinion is better than the one from a browser, but many of the browsers have made good progress.
I agree 100% with Gavinsiu's points.
Re: Security Best Practices for 2024
> SmileyFace wrote: ↑Tue Sep 03, 2024 11:26 am
> Clear now. Thanks. I see the IRS IP PIN also changes every year. I did not read far enough to know if MFJ filers use 2 PINs or 1.
> Seems like it is the same as with many things security related - it might help security wise but will add complexity and potentially other issues.
You are correct, the IRS IP PIN changes each year and a new one must be gotten, usually after the 3rd week in January on the IRS website.
https://www.irs.gov/identity-theft-frau ... ection-pin
I had only procured one for myself in the past filing jointly. This year we added an IRS IP PIN for my spouse. A little bit more of a pain, but what price the extra security?
Good luck going forward.
Re: Security Best Practices for 2024
Your stuff will be all over the dark web, there is no point in going to look for it. Just assume it's all out there already, as that's a very safe assumption.
I think the biggest thing is just be wary and verify. Generally speaking frauds happen a few different ways (not an exhaustive list):
* Technical breakage (i.e. they "hack" your computer/account and steal): This happens, but it's quite rare if you keep your software and hardware up to date and under support.
* Manipulation: This is usually trying to get you emotionally invested so your logical brain won't be involved. Think your kid needs $5k for bail TONIGHT or something like that.
* Impersonation: This is where they try to impersonate some authority, like trying to act like your bank's fraud detection group or something like that. Emails that look like they are legit but actually link to their own scam website is a common example. With online AI voice impersonation, they can even make phone calls sound like they are from a loved one.
Learn how to verify stuff as it comes up. If you get a phone call asking for personal information, take down their information and tell them you will call them back. Then go verify that the information they gave you is legit, or instead call back on the publicly listed phone number(for example with banks/brokerages use the number printed on the back of your credit card)
When you start getting emotionally invested in a big financial emergency, take a step back and see if you can do some verification, for the example about bail money, reach out to any publicly listed bail bondsmen in the area of the supposed arrest. They can verify that your kid/grandkid/etc really is in need of bail and can even help facilitate the transaction. They almost always are open 24 hours, so it's not a big deal to even call them at 3AM when you get the emergency phone call.
Also know that they often combine methods, it's not like you will ONLY get hit with 1 of the big 3 categories above, they probably will try some combination. Be wary, verify what you can before you send money anywhere. If you have trusted friends, reach out to them and get their opinion before sending money somewhere.
I always recommend sending $10 or some low amount somewhere first, and verifying it all worked *as planned* before sending over larger amounts, even with new ACH, new account setups, Zelle, etc. At the very least this gives you a few minutes of breathing room to reflect and make sure you are doing the right thing before you send larger amounts of money.
When doing cash or in-person transactions, try to meet at a bank, and let the bank verify the cash. It gives you a handy meeting spot, probably with local security already, and if it's a bank one of you is doing business with, they are generally really great and happy to confirm and guarantee the transaction for you. People are generally wary to do illegal things inside a bank.
Whether rich or poor, a young woman should know how a bank account works, understand the composition of mortgages and bonds, and know the value of interest and how it accumulates. -Hetty Green