Jerry Jones CPA
Wouldn’t it be nice to have a CPA that you deal directly with, that understands your business, that works in all 50 states and is there for you when you need him?
“I am a small business owner operating an equipment distribution business in Fontana, CA. I feel fortunate to have known Jerry personally and professionally for over 22 years. Jerry was tempted to walk away when he first saw the mess I had created in growing my business, but he showed patience and persistence in getting our operation organized. Jerry has advised and assisted me with organizing our accounting system, business and personal planning, real estate acquisitions, major supplier negotiations, credit facilities and tax returns. His knowledge with the tax laws and requirements is quite reassuring. In short, I have known Jerry through good times and bad and he has proven to be a very valuable resource to the company and myself. If anyone has any questions, I would happy to talk to you and elaborate further”.
Will M., President, WRM, Inc.

'We Could Not Deliver Your Parcel' email could be scam

deliver parcel scam fraud CPA taxElizabeth Weise , USATODAY

SAN FRANCISCO — As Christmas approaches, experts suggest an extra dollop of caution before clicking on email package delivery notices. Fake notifications are proliferating, bringing not holiday cheer — but holiday ransomware.

The holiday phishing season began just before Thanksgiving and will likely extend until after Christmas, said Caleb Barlow, vice president for IBM Security.

“This is a $445 billion business. These are campaigns, run by the criminal equivalent of marketers,” he said.

Security company FireEye sees a significant increase in fake package email alerts beginning in November, an almost 100% increase from the average of September-October.

Common subject lines the company has been tracking include:


*We could not deliver your parcel, #00556030
*Please Confirm Your DHL Shipment
*Problems with item delivery, n.000834069
*Delivery Receipt | Confirm Awb no:XXX830169
*Your order is ready to be delivered
*Courier was unable to deliver the parcel, ID00990381
*Your DHL is here please download attachment to view detail and confirmation of your address

Let the clicker beware

It’s important to remember legitimate shippers such as Amazon, FedEx and UPS have nothing to do with this and haven't done anything here.

“It’s the bad guys trying to trick you into thinking it’s them, not the companies themselves,” Barlow said.

UPS keeps a page on its site showing various examples of fake delivery notices, with tips on how to spot fraud. The Federal Trade Commission also has information up on how consumers can protect themselves.

The fake messages tend to come in two main types.

Some contain malware that invades your computer and either allows it to be used by a botnet or attempts to find and extract personal information about you that could be sold, or login information for your financial accounts.

The most damaging can contain ransomware. This is software that allows criminals to remotely lock up your computer. They then send a message demanding payment in untraceable digital currency such as Bitcoin.

These campaigns can be enormous. IBM's XForce security team began tracking a massive spam campaign Nov. 21 that flooded millions of inboxes with fake delivery notifications carrying the subject line "Your order has dispatched."

Instead of a package update, they carried a malicious zip attachment that downloaded the Locky ransomware program. At its peak, the campaign involved 44% of all incoming spam emails to IBM's decoy accounts designed to gather information about potential threats.

Security firms globally are always on alert for this type of attack and quickly identify and block new malware variants. That, too, was visible in the IBM

“Every time the good guys figure it out, the bad guys pivot, tweak their code and try again,” Barlow said.

Phishing attacks all have a common objective: to get people to trust the receiver and follow instructions, which are usually to click on a URL or open an attachment, said Paul Calatayud, chief technology officer at the security firm FireMon.

Check it twice

To protect yourself, look carefully at any emailed package delivery notice. Do they include your full name, customer number and actual information from the company? Is the email address it came from actually the company or some odd variant?

For example, an email purporting to be from FedEx that came to this reporter Wednesday was actually from, a nonexistent address.

If there’s any doubt don’t click, experts say. Take the time to actually type in the Amazon or UPS or FedEx address. It won't take that much longer but will
protect you.

“To a malicious actor, this is optimal phishing season and the phishing is good!” said Thomas Pore, director of IT for security company Plixer International. “As much as you want to click and open, just don’t do it.”

Read or Share this story:

Designed by NJ Designs