Internet Sales About To Be Taxed – Dangers Of Spam: AS HEARD ON WGAN: [04-10-19]

On This Episode…

Craig is on the WGAN Morning News. This morning they talked about the dangers of spam, spear phishing, and sextortion emails. They also talked about the Supreme Court taxing the online stores.

Related Articles

Share This Episode

For Questions, Call or Text:

855-385-5553

TRANSCRIPT

Below is a rush transcript of this segment, it might contain errors.

Airing date: 04/10/2019

Internet Sales About To Be Taxed – Dangers Of Spam

Craig Peterson  0:00
Hey, good morning, everybody. Sorry, yesterday, I was not able to record a little intro to my Jim podcast. But anyhow, I am today. And we’re planning on doing a security thing this week to on Thursday and Friday. So keep an ear out for that. I got a couple of real interesting cases that we’re going to be talking about. Some major companies and some small companies and what happened to them this week with leaking sensitive data. So this morning, I was on with Ken and Matt. And we talked about two different things. We talked about something I did not talk with Jim about yesterday. And that is how the US has stepped up its tax game. And what is happening with the tax jurisdictions, the Supreme Court decision last fall, that really is going to change everything. So I talked to them about that. And then also, of course course about email, and the email problems we’re having right now, the switch, frankly, that’s been occurring in spearphishing that I saw starting in about six weeks ago, but now it’s starting to reach epidemic levels a lot higher than the measles right now. Anyhow, take care. And here we go. be back tomorrow

Matt Gagnon 1:21
7:38 WGAN Morning News on a Wednesday, which means that it’s time to talk to Craig Peterson, our tech guru who joins us now as he always does at this time, except for last week when he didn’t join us. So he’s back. Ladies and gentlemen, Craig, how are you?

Craig 1:34
I am. I was at a conference last weekend in Phoenix, Arizona.

Matt 1:41
Excuses, excuses.

Ken Altshuler 1:41
So let’s see probably the same kind of whether you’re experiencing this week here in town.

Craig 1:46
Pretty much the you know, it was about 70 degrees inside the conference room for five days. And then I heard rumors that it was in the 90s outside. Yeah, I was a good little boy and stayed in there. The whole time learned and contributed.

Matt 1:59
Soldiered on.

Ken 2:02
So well. Why don’t we start off with email security. This is very safe as I know. We don’t have to worry about anything about email security now do we?

Craig 2:12
Yeah. Well there are some changes in this. I don’t know if you guys noticed some of the changes in the emails that are coming in, these these spear phishing attacks?

Ken 2:21
Spear phishing attacks.

Matt 2:24 
I don’t really like fish.

Ken 2:25
I don’t really mind spearfishing, sounds kind of…

Craig 2:27
You can’t connect, you know, normally when you’re spearfishing, you can’t you don’t get a whole bunch of fish or better with a big net. And for years, that’s what they did, what they would do is send out emails, the exact same emails to as many email addresses as they could get their hands on. And some people would respond. And there’s some interesting science behind this, you know, the Nigerian prince scams that are still going on, but not at the rate they used to. They would have spelling mistakes and grammatical, you guys must have noticed that right?

Matt 3:00 
Yeah. A little bit, yeah.

Craig 3:02 
Yeah. And did you realize that the intention of them putting in, the intent behind putting in the grammatical grammatical errors, as well as the spelling mistakes, was to catch people that weren’t terribly smart, because they were thinking, well, if they don’t notice, if they can get past all of the grammar errors and things, then maybe we can convince them to send us some money, so that we can rescue the Nigerian prince. And that worked and it worked with a quite a few people over a lot of years. And unfortunately, it really hit the senior community because they, this is all new, they weren’t paying that type of close attention. Well, now we’ve gotten smarter. So rather than casting these huge nets out there, what the bad guys have been doing is they’re still phishing but now they’re phishing individuals. And this is a problem that comes from all of the data breaches over the years, it seems like almost every week now we hear about another massive data breach. So on the dark web, there are databases of hundreds of millions. We just found one this year already that had 2 billion records in it, of people’s email addresses their passwords, etc. So the bad guys are get a little smarter. They’ve been doing business email compromise attack that we kind of talked about before, FBI has been warning about them for quite a while, over $12 billion in cash stolen over the last few years to the business email compromise attacks. But what I want to talk about now is a new type of email attacks that’s been happening, because they have so much data. They’ve been doing spear phishing attacks in the realm of what’s called nowadays, sextortion. And they’ll send an email out, the emails look like it’s just a regular warning email, it’ll say, so the subject might be warning, your end, it’ll give your email address ken@gmail.com, for instance, account has been compromised. And then you go into the email because it looks like a warning. And it may look like it’s from Google. In fact, right now, the majority, the number one source for these emails is Gmail. So you’ll get an email is coming from Gmail. So Google, right you have using, so you open it up, look inside it says, Ken, this is a warning that your ken@gmail.com account has been compromised. And they give you some other information like your password. So with the sextortion email, what they’re doing is they’re saying, Ken we have a video of you on and they’ll name some pornographic website, and your password on that site is this. Now remember what we keep warning people about week after week, and that is don’t use the same email address on multiple sites, right? People are still using the same email address on multiple sites. And so the problem that’s arisen from all of this is that people are getting the email, it says, we caught you, we have you on video at this porn site. Here’s your password for that porn site, pay up now, or we are going to release this information. And right now, which of course is a former blackmail, and it’s about 10% of all of the spear phishing attacks, it is increasing. If you are, if you have a business email address that’s been compromised in a breach, you’re twice as likely to be the target of blackmail now, than business email compromise. So this is a very, very big deal. I’ve had listeners who have reached out to me and said, Oh, I got this email and they tell me what it is. They say Should I get a lawyer involved? And you know, bottom line? It obviously it’s up to you. But this is now the fastest growing type of attack. So advice for everybody how to stop this. Change all your email passwords and addresses. Matt, you said you use LastPass right?

Matt 7:26
Yes I do.

Craig 7:28
Yeah, LastPass is great. You know, I prefer 1Password. It’s a lot better for businesses group account sharing, you know, accounts that you might have to share inside of business with different vaults and things. But both of them are excellent. And what I’ll do is everybody that’s on my text list, I’ll send out this thing later today. And I’ll give out the phone number. So you can text me and I’ll send it to this, I’m not selling anything, I’m going to send you my report that compares the password services so you can change your password and get that stuff all straight. I’ll send that out after we get off the air here. But this is huge. And it’s been successful, because people are still using the same email and the same password on multiple websites I live. There’s the biggest tip of the day right there.

Matt 8:22
Were talking to Craig Peterson, our tech guru, he joins us on Wednesdays at this time to go over what’s happening in the world of technology, let’s say for the sake of argument, Mr. Peterson that I sell stuff online. And and you know what i tax is kind of an open question sometimes. The United States seems to have recently paid a little bit more attention to this and trying to figure out how to actually extract more blood from the stone. So tell us a little bit about what you should be aware of if you’re a retailer that sells stuff online.

Craig 8:52
Yeah, if you’re selling stuff online, there’s a US Supreme Court case last year that was heard. And it’s between Wayfair, which is this big online furniture and home goods company. Have you, I’ve seen it online.

Matt 9:07
Oh yeah sure, absolutely.

Craig 9:08
And Wayfai’r’s online and the State of South Dakota, said people in South Dakota who are buying from Wayfair should be paying our state sales tax. Which makes sense, right? I can see that. But the question is Wayfair, who has no presence in South Dakota, no physical presence, know nexus at all, says, Hey, listen, we’re not there. And we know that Congress has really protected the internet from sales taxes, and having to pay it because they kind of wanted it to grow. And it’s just a nightmare if they had to collect sales tax. So the US Supreme Court overturned the law on not taxing companies that had no state nexus. So now, things are going to get very messy, because companies that are selling online, are going to end up having to collect sales tax for every sales tax jurisdiction in the United States. And it’s estimated that there are some 9000 different sales taxes across the United States, because they’re not just talking about the state taxes, which range from 4.7 to 13.5%. Right now, but we’re including local sir taxes, like, if you live in New York City, you’ve got New York state tax, you’ve got the county tax, you’ve got the city tax, it gets kind of crazy. So they’re trying to be kind of reasonable in the ruling. So they’re saying there are going to be thresholds. So most, and this is state by state, by the way, which makes it even more of a nightmare. So some states are saying if you sell 100,000 dollars of product in our state, you now have to pay and withhold the sales taxes. And the threshold varies as I said. Now, big companies like our friends over at Amazon, I love this, because they can easily take care of all of us state sales tax and messes and county and the city and everything else. But the little guys can’t. And so amazon for quite a while has been saying yeah, yeah, we we are we sure have internet sales tax. If this is going to hurt some companies, obviously $100,000 is quite a few sales. But depending on what you’re doing, keep an eye out. Now there are a couple of companies that have popped up in the last little while. Paddle is one of them. But there’s others that are able to do this for you. But I think what’s going to happen is this is going to help Amazon in another way. And that is if you’re selling things online, you’re just going to sell them through Amazon, or through eBay, and let them worry about all of the red tape of filing with some 9000 different taxes in, you know hundreds of jurisdictions throughout the country. So you’re right about that Matt. And if I could text out the links, I also have something this is a free service that Google has, I’ll send you a link to this as well. And what it does is it gives you on your screen, it doesn’t send you emails or anything it asks you for your name and email. And it what it does, it doesn’t use it other than to try and fool you on the web page. So it’ll run you through eight different emails will show them to you on the web page. You can hover over the links and things and it’ll help you understand better whether or not you are, you know, educated enough, if you will, about these types of attacks to protect yourself. So we’ll give you a little quiz and help you out and answer your questions. So I’ll text that out as well. So if you just text either Ken or Matt to me at 855-385-5553. I will send you links to both of those things on the password managers, a big article I wrote on that. And then also a link to Google’s really cool little training thing you can use for yourself and people in your company to help your spear phishing. So just Ken or Matt just text either to me 855-385-5553 and I’ll send that out to you later on today. I’m not going to spam you. I don’t sell these things. I just want to get the information out there because I can’t believe these things are working.

Ken 13:53
Craig Peterson our tech guru joins us every Wednesday at 7:38. Get all of his information directly from him. Thank you, Craig we’ll talk to you next week.

Craig 14:05
Hey gentlemen, take care. Bye bye. 

Craig 14:10 
Alright guys have a great day. It is going to be a busy one today for me because I had my last coaching call from the Cybersecurity Do It Yourself course this afternoon so I gotta get ready for that. Off I go. Take care everybody. Bye bye.