CIS now offers free trials for several CIS Hardened Images, pre-configured virtual machine images, in the AWS Marketplace. Try a hardened VM today. 

Read More

The US Securities and Exchange Commission today proposed legal changes that would require publicly traded companies to disclose material cybersecurity incidents within four days of such a breach.

The SEC also wants to require “periodic disclosures” of the impact of ongoing cybersecurity threats in regularly scheduled quarterly 10-Q and annual 10-K reports filed by publicly traded firms, further increasing the mandate for transparency on cybersecurity issues. The more immediate reports disclosing security incidents would be filed in 8-K forms, used for unscheduled disclosures.

The idea is to protect investors by improving their ability to inform themselves about the risks involved in investing in a given company, according to the SEC. Given the severity of the threat posed by bad cybersecurity actors, a breach could have a huge impact on a company’s stock value and line of business, the commission said in a statement.

To read this article in full, please click here

Read More

A man accused of being connected to the Russia-linked REvil ransomware group responsible for cyberattacks on organizations including US-based software company Kaseya, has been extradited from Poland and arraigned in a Dallas court.

In November last year, the US Department of Justice charged the man, 22-year-old Yaroslav Vasinskyi, of being behind the July 2021 ransomware attack against Kaseya. Vasinskyi, a Ukrainian national, was taken into custody in Poland and transported to Dallas, where he arrived on March 3.

To read this article in full, please click here

Read More

Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi 

McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 80,000 

One extension, ‘Netflix Party’, mimics the original Netflix Party extension, which allows groups of people to watch Netflix shows at the same time. However, this version monitors all the websites you visit and performs several malicious activities.  

The malicious actor behind the extensions has created several Twitter accounts and fake review websites to deceive users into trusting and installing the extensions. 

The victim will be tricked into installing the extension and their data will be stolen when browsing a gift card site.  

The details of each step are as follows: 

The perpetrator creates malicious extensions and adds them to the Chrome Extension Store. They create fake websites to review the extensions and fake Twitter accounts to publicize them.  
A victim may perform a web or Twitter search for Netflix Party, read the review and click on a link that will lead them to the Google Chrome Store.  
They click to install the Extension and accept the permissions. 
The victim will either perform a web search or directly navigate to the gift card website. The Extension will identify the website and redirect them to the phishing page. 
The victim will enter their gift card information on the phishing page. 
The gift card information is posted to the server to which the malicious actor has access. They can now use or sell the stolen data and the victim will lose their funds. 

Technical Analysis 

This section contains the technical analysis of the malicious chrome extension “bncibciebfeopcomdaknelhcohiidaoe“. 

Manifest.json 

The manifest.json file contains the permissions of the extension. The ‘unsafe-eval’ permission in the ‘content_security_policy’ and the allowed use of content.js on any website visited by the user is of particular concern 

Background.js 

When the extension is installed, the background.js script will be loaded. This file uses a simple obfuscation technique of putting all the code on one line which makes it difficult to read. This is easily cleaned up by using a code beautifier and the image below shows the obfuscated script on the first line and the cleaned-up code below the red arrow.  

This script accesses https://accessdashboard[.]live to download a script and store it as variable ‘code’ in Chrome’s local storage. This stored variable is then referenced in the content.js script, which is executed on every visited website.  

Content.js 

After beautification, we see the code will read the malicious script from the ‘code’ variable which was previously stored. 

‘Code’  

The malicious code has three main functions, redirection for phishing, modifying of cookies to add AffiliateIDs, and modifying of website code to add chat windows.  

Redirection for Phishing 

Redirection for phishing works by checking if the URL being accessed matches a list, and conditionally redirects to a malicious IP that hosts the phishing site.  

URLs monitored are: 

https[:]//www.target.com/guest/gift-card-balance 
https[:]//www.macys.com/account/giftcardbalance 
https[:]//www.nike.com/orders/gift-card-lookup 
https[:]//www.nordstrom.com/nordstrom-gift-cards 
https[:]//www.sephora.com/beauty/giftcards 
https[:]//www.sephoragiftcardbalance.com 
https[:]//balance.amexgiftcard.com 
https[:]//prepaidbalance.americanexpress.com/GPTHBIWeb/validateIPAction.do?clientkey=retail%20sales%20channel 
https[:]//amexprepaidcard.com 
[:]//secure4.store.apple.com/shop/giftcard/balance 

Upon navigating to one of the above sites, the user will be redirected to 164[.]90[.]144[.]88. An observant user would notice that the URL would have changed to an IP address, but some users may not. 

The image below shows the Apple Phishing site and the various phishing kits being hosted on this server. 

The phishing sites share similar codes. If a user enters their gift card information, the data will be posted to 52.8.106.52. A network capture of the post request is shown below: 

Modifying of cookies to add AffiliateIDs 

The second malicious function contains AIPStore which is a dictionary containing a list of URLs and their respective monetizing sites which provide affiliate IDs. This function works by loading new tabs which will result in cookies being set on the visited sites. The flow below describes how the extension will work. 

A user navigates to a retail website 
If the retail website is contained in the AIPStore keymap, the extension will load a new tab with a link to a monetizing site which sets the cookie with the affiliate ID. The new tab is then closed, and the cookie will persist.  
The user will be unaware that a cookie would have been set and they will continue to browse the website. 
Upon purchasing any goods, the Affiliate ID will be recognized by the site vendor and commission will be sent to the Affiliate ID owner which would be the Malicious Actor 

The left image below shows the original site with no affiliate cookie, the one on the right highlights the cookie that has been added by the extension. 

Chat Windows 

The final function checks a list of URLs being accessed and if they match, a JS script will be injected into the HTML code which will result in a chat window being displayed. The image below shows the injected script and the chat window. 

The chat window may be used by the malicious actor to request PII data, credit card, and product key information. 

Conclusion 

This threat is a good example of the lengths malicious actors will go to trick users into installing malware such as creating Twitter accounts and fake review websites.  

McAfee advises its customers to be cautious when installing Chrome Extensions and pay attention to the permissions that they are requesting.  

The permissions will be shown by Chrome before the installation of the Extension. Customers should take extra steps to verify the authenticity if the extension is requesting permissions that enable it to run on every website you visit such as the one detailed in this blog 

McAfee customers are protected against the malicious sites detailed in this blog as they are blocked with McAfee WebAdvisor as shown below.  

The Malicious code within the extension is detected as Phish-Extension. Please perform a ‘Full’ scan via the product. 

Type 
Value 
Product 
Detected 

URL – Phishing Sites 
164.90.141.88/* 
McAfee WebAdvisor 
Blocked 

Chrome Extension 
netflix-party – bncibciebfeopcomdaknelhcohiidaoe 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
teleparty – flddpiffdlibegmclipfcnmaibecaobi 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-max-watch-party – dkdjiiihnadmgmmfobidmmegidmmjobi 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
prime-watch-party – hhllgokdpekfchhhiknedpppjhgicfgg 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
private-watch-party – maolinhbkonpckjldhnocgilkabpfodc 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hotstar-ad-blocker – hacogolfhplehfdeknkjnlblnghglfbp 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-ad-blocker – cbchmocclikhalhkckeiofpboloaakim 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
blocksite – pfhjfcifolioiddfgicgkapbkfndaodc 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-enhanced – pkdpclgpnnfhpapcnffgjbplfbmoejbj 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hulu-watch-party – hkanhigmilpgifamljmnfppnllckkpda 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
disney-plus-watch-party – flapondhpgmggemifmemcmicjodpmkjb 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
spotify-ad-blocker – jgofflaejgklikbnoefbfmhfohlnockd 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
ott-party – lldibibpehfomjljogedjhaldedlmfck 
Total Protection and LiveSafe 
Phish-Extension 

 

 

The post Come Join the Scam Party appeared first on McAfee Blog.

Read More

Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi 

McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 80,000 

One extension, ‘Netflix Party’, mimics the original Netflix Party extension, which allows groups of people to watch Netflix shows at the same time. However, this version monitors all the websites you visit and performs several malicious activities.  

The malicious actor behind the extensions has created several Twitter accounts and fake review websites to deceive users into trusting and installing the extensions. 

The victim will be tricked into installing the extension and their data will be stolen when browsing a gift card site.  

The details of each step are as follows: 

The perpetrator creates malicious extensions and adds them to the Chrome Extension Store. They create fake websites to review the extensions and fake Twitter accounts to publicize them.  
A victim may perform a web or Twitter search for Netflix Party, read the review and click on a link that will lead them to the Google Chrome Store.  
They click to install the Extension and accept the permissions. 
The victim will either perform a web search or directly navigate to the gift card website. The Extension will identify the website and redirect them to the phishing page. 
The victim will enter their gift card information on the phishing page. 
The gift card information is posted to the server to which the malicious actor has access. They can now use or sell the stolen data and the victim will lose their funds. 

Technical Analysis 

This section contains the technical analysis of the malicious chrome extension “bncibciebfeopcomdaknelhcohiidaoe“. 

Manifest.json 

The manifest.json file contains the permissions of the extension. The ‘unsafe-eval’ permission in the ‘content_security_policy’ and the allowed use of content.js on any website visited by the user is of particular concern 

Background.js 

When the extension is installed, the background.js script will be loaded. This file uses a simple obfuscation technique of putting all the code on one line which makes it difficult to read. This is easily cleaned up by using a code beautifier and the image below shows the obfuscated script on the first line and the cleaned-up code below the red arrow.  

This script accesses https://accessdashboard[.]live to download a script and store it as variable ‘code’ in Chrome’s local storage. This stored variable is then referenced in the content.js script, which is executed on every visited website.  

Content.js 

After beautification, we see the code will read the malicious script from the ‘code’ variable which was previously stored. 

‘Code’  

The malicious code has three main functions, redirection for phishing, modifying of cookies to add AffiliateIDs, and modifying of website code to add chat windows.  

Redirection for Phishing 

Redirection for phishing works by checking if the URL being accessed matches a list, and conditionally redirects to a malicious IP that hosts the phishing site.  

URLs monitored are: 

https[:]//www.target.com/guest/gift-card-balance 
https[:]//www.macys.com/account/giftcardbalance 
https[:]//www.nike.com/orders/gift-card-lookup 
https[:]//www.nordstrom.com/nordstrom-gift-cards 
https[:]//www.sephora.com/beauty/giftcards 
https[:]//www.sephoragiftcardbalance.com 
https[:]//balance.amexgiftcard.com 
https[:]//prepaidbalance.americanexpress.com/GPTHBIWeb/validateIPAction.do?clientkey=retail%20sales%20channel 
https[:]//amexprepaidcard.com 
[:]//secure4.store.apple.com/shop/giftcard/balance 

Upon navigating to one of the above sites, the user will be redirected to 164[.]90[.]144[.]88. An observant user would notice that the URL would have changed to an IP address, but some users may not. 

The image below shows the Apple Phishing site and the various phishing kits being hosted on this server. 

The phishing sites share similar codes. If a user enters their gift card information, the data will be posted to 52.8.106.52. A network capture of the post request is shown below: 

Modifying of cookies to add AffiliateIDs 

The second malicious function contains AIPStore which is a dictionary containing a list of URLs and their respective monetizing sites which provide affiliate IDs. This function works by loading new tabs which will result in cookies being set on the visited sites. The flow below describes how the extension will work. 

A user navigates to a retail website 
If the retail website is contained in the AIPStore keymap, the extension will load a new tab with a link to a monetizing site which sets the cookie with the affiliate ID. The new tab is then closed, and the cookie will persist.  
The user will be unaware that a cookie would have been set and they will continue to browse the website. 
Upon purchasing any goods, the Affiliate ID will be recognized by the site vendor and commission will be sent to the Affiliate ID owner which would be the Malicious Actor 

The left image below shows the original site with no affiliate cookie, the one on the right highlights the cookie that has been added by the extension. 

Chat Windows 

The final function checks a list of URLs being accessed and if they match, a JS script will be injected into the HTML code which will result in a chat window being displayed. The image below shows the injected script and the chat window. 

The chat window may be used by the malicious actor to request PII data, credit card, and product key information. 

Conclusion 

This threat is a good example of the lengths malicious actors will go to trick users into installing malware such as creating Twitter accounts and fake review websites.  

McAfee advises its customers to be cautious when installing Chrome Extensions and pay attention to the permissions that they are requesting.  

The permissions will be shown by Chrome before the installation of the Extension. Customers should take extra steps to verify the authenticity if the extension is requesting permissions that enable it to run on every website you visit such as the one detailed in this blog 

McAfee customers are protected against the malicious sites detailed in this blog as they are blocked with McAfee WebAdvisor as shown below.  

The Malicious code within the extension is detected as Phish-Extension. Please perform a ‘Full’ scan via the product. 

Type 
Value 
Product 
Detected 

URL – Phishing Sites 
164.90.141.88/* 
McAfee WebAdvisor 
Blocked 

Chrome Extension 
netflix-party – bncibciebfeopcomdaknelhcohiidaoe 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
teleparty – flddpiffdlibegmclipfcnmaibecaobi 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-max-watch-party – dkdjiiihnadmgmmfobidmmegidmmjobi 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
prime-watch-party – hhllgokdpekfchhhiknedpppjhgicfgg 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
private-watch-party – maolinhbkonpckjldhnocgilkabpfodc 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hotstar-ad-blocker – hacogolfhplehfdeknkjnlblnghglfbp 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-ad-blocker – cbchmocclikhalhkckeiofpboloaakim 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
blocksite – pfhjfcifolioiddfgicgkapbkfndaodc 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hbo-enhanced – pkdpclgpnnfhpapcnffgjbplfbmoejbj 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
hulu-watch-party – hkanhigmilpgifamljmnfppnllckkpda 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
disney-plus-watch-party – flapondhpgmggemifmemcmicjodpmkjb 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
spotify-ad-blocker – jgofflaejgklikbnoefbfmhfohlnockd 
Total Protection and LiveSafe 
Phish-Extension 

Chrome Extension 
ott-party – lldibibpehfomjljogedjhaldedlmfck 
Total Protection and LiveSafe 
Phish-Extension 

 

 

The post Come Join the Scam Party appeared first on McAfee Blog.

Read More

Grand jury indicts two women on suspicion of tampering with election equipment

Read More

Who loves tax season besides accountants? Scammers.  

Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same anxieties that criminals use as the cornerstone of their attacks.   

So yes, crooks indeed love tax season. Particularly online. And they’ll bait your digital world with several proven types of scams in an effort to cash in on what can be a somewhat uncertain time. 

The good news is that you have plenty of ways to protect yourself from these scams. Let’s look at what scammers typically have in store, along with some practical advice to protect yourself as you file your taxes—things you can do to keep crooks out of your business this tax season. 

The tax scam landscape 

First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly. 

Still, the wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time.  

What are crooks looking to do with their scams? Several things: 

Steal account information – Scammers will often try to highjack account or financial information associated with credit cards and banks to steal funds and make purchases with the victim’s accounts. 
File false returns – Scammers will also try and get their hands on personal information like Social Security Numbers, taxpayer ID numbers, and other unique information so that they can file false returns in the victim’s name and claim their refunds. 
Commit identity theft – Scammers may then use this same personal information to open new credit lines and accounts in the victim’s name, as well as commit other forms of identity theft like assuming a victim’s identity to gain employment, housing, insurance, or a driver’s license. 

As if we didn’t have enough to worry about at tax time without crooks in the mix. 

The IRS Dirty Dozen: 12 tax-season scams 

Investigating the landscape even more closely, we can turn to the authority itself, as the IRS has published its most recent top 12 tax season scams, a broad list that includes: 

 

Phishing attacks 
Fake charities 
Threatening impersonator phone calls 
Social media fraud 
Refund Theft 
Senior Fraud 

 

 

Fraud targeting non-English speakers 
Unscrupulous return preparers 
“Offer in Compromise” mills 
Fake payments with repayment demands 
Payroll and HR scams 
Ransomware 

 

For a comprehensive look at each one of these scams, and for ways, you can steer clear of them, check our Guide to IRS & Tax Season Scams. However, there are some common threads to many of these scams. 

For starters, plenty of tax scams involve crooks posing as an IRS employee, perhaps via a phone call or email, to glean personal information from you, or to demand payment—sometimes under the threat of penalties or even jail time. Crooks won’t hesitate to use strong-arm tactics like these and play on your fears. The good news is that such tactics are typically a sign that the contact isn’t legitimate. In fact, a quick way to spot a scam is to know what the IRS won’t do when they contact you. From the IRS.gov website, the IRS will not: 

Initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. 
Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer. Mention of prepaid cards or wire transfer as a payment option is a surefire sign of a scam. 
Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer. 
Threaten to bring in local police, immigration officers, or other law enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business license, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes. 

What will the IRS do? Usually, the IRS will first mail notification to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you. 

Other types of tax scams that crooks love to use 

Scammers won’t limit themselves to posing as the IRS. They’ll act as an imposter in several other ways as well. For example, they may pose as a popular do-it-yourself tax brand, a tax preparer, or even as a phony charitable organization that promises any donations you make are tax-deductible.  

Here, they may send you phony emails or direct messages or even ring you up with bogus telemarketing or robocalls designed to steal personal information. 

In the cases where the scammers reach you online, the emails and messages they send will vary in their tone and polish—in other words, how authentic they appear. Some will look nearly legitimate and cause even the most hardened of digital skeptics to click on a phony link or download a sketchy attachment. Others, well, will look clearly like spam, complete with spelling and grammatical errors, along with clumsy use of logos, layouts, and design.  

Taken together, both are ways that scammers get people to visit sites designed to compromise personal information … or to download malware like keyloggers that skim account passwords and ransomware that encrypt a victim’s files hold them hostage for a price.  

Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles and turn it against their victims. Per the IRS, because “social media enables anyone to share information with anyone else on the Internet, scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends, or co-workers.” 

With those personal details gleaned from social media, scammers will send phony links to scam sites, promote bogus charities, or flat-out ask for money or gift cards to “help them out” at tax time.  

Protecting yourself from tax season scams 

Keep your guard up for spammy messages and phishing attacks 

No question that bogus emails, messages, and phone calls remain a popular way for scammers to steal personal and financial information. Spam emails, messages, and the malicious links associated with them abound this time of year as well. It’s always to keep a critical eye open for these, and it’s particularly true during tax season.  

View all emails with attachments and links with suspicion, even if they appear to come from a person, business, or brand you know. Confirm attachments with the people you know before opening. And if you receive a message or alert about an account of yours, visit that company or organization’s website directly to enquire into the status of your account rather than taking a chance by clicking on a link that could send you to a phony website. 

File A.S.A.P. and check your credit report 

One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. In fact, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early. 

Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, but it’s also free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.  

Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year. 

Keep your social media profiles and posts close to the vest 

As with much of the guidance we offer around social media, one of the best ways to prevent such social media tax attacks is to make your profiles private so that only friends and family can see them. That way, scammers will have a far more difficult time reaching you. Moreover, consider paring back the information you share in your social media profiles, like your alma maters, birthday, mother’s maiden name, pet names—any personal information that a scammer may use to compromise your accounts or the security questions associated with them. 

Security software can protect you from fraud and theft too 

Protecting your devices with comprehensive online protection software can help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks like mentioned above. Additionally, our online Protection Score looks for weak spots in your protection and helps you shore them up, such as if discovers that your info was compromised or part of a data breach. From there, it guides you through the steps to correct the problem. 

Further, consider online protection software that offers identity theft protection as well. A strong identity theft protection package offers cyber monitoring that scans the dark web to detect misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.  

Think you’ve been a victim of a tax scam? 

The IRS offers steps you can take in the event you suspect fraud or theft. Their current resources include: 

Contacting the Treasury Inspector General for Tax Administration to report a phone scam. Use their “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484. 
If the scam relates to your state income taxes, report it to your state Attorney General’s office. 
Report phone scams to the Federal Trade Commission as well with the “FTC Complaint Assistant” on FTC.gov. They ask you to add “IRS Telephone Scam” in the notes. 
Reporting an unsolicited email claiming to be from the IRS, or an IRS-related component like the Electronic Federal Tax Payment System, to the IRS at phishing@irs.gov. 

Take a deeper dive on the topic of online tax scams 

As mentioned above, you can get even more up to speed on the different tricks hackers are using by downloading our Guide to IRS & Tax Season Scams. It’s free, and it offers more ways you can protect your identity and information this tax season and year ‘round. 

The post The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year appeared first on McAfee Blog.

Read More