It’s tax season, which means it’s also time for tax scams, with numerous online scams that attempt to steal people’s tax refunds, bank accounts, or identities. Last year, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013.[1] Websense Security Labs reported in 2014 it saw approximately 100,000 IRS-related scams in circulation every two weeks.[2]

This year, we need to be especially careful in light of the Anthem Breach, in which data from approximately 80 million customers was exposed, triggering new phishing attacks offering false claims of credit monitoring services.

Users who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that was previously filed.

One scam that has already been impacting users this season involves phishing emails claiming to be from Intuit’s TurboTax. The emails prompt users to click on links to verify their identity or update their accounts in an attempt to download malware to the victim’s machine, or steal data such as Social Security numbers or financial information.

Below are some of the most common email scams users should be cautious about:

  • The email says the user is owed a refund and should forward a bank account number where the refund may be deposited. Once the scammer has the bank account information, that account will see a big withdrawal, not a deposit.


  • The email contains exciting offers or refunds for participating in an “IRS Survey.” This fake survey is actually used to acquire information to perform identity theft.


  • The email threatens the user with fines or jail time for not making an immediate payment, or responding to the email.


  • The email includes a “helpful” downloadable document (e.g. “new changes in the tax law,” a tax calculator, etc.). In reality, the download is a malicious file intended to infect your computer.



How To Avoid Becoming A Tax-Scam Victim


  • Do not respond to emails appearing to be from the IRS.  The IRS does not initiate taxpayer communications through email or social media to request personal or financial information. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.


  • Do not respond to unsolicited emails and do not provide sensitive information via email. If the email appears to be from your employer, bank, broker, etc., contact the entity directly. Do not open any attachments or click on links contained in unsolicited or suspicious emails.


  • Carefully select the tax sites you visit. Use caution when searching online for tax forms, advice on deductibles, tax preparers, and other similar topics. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or in an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.


  • Secure your computer.  Make sure your computer has all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates. Ensure you use a strong password and different passwords for each account.



 IRS 2015 Dirty Dozen Tax Scams: www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015

What to Do if Your Identity is Stolen- FTC Guidebook:   http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge_0.pdf

Taxpayer Guide to Identity Theftwww.irs.gov/uac/Taxpayer-Guide-to-IdentityTheft

Tax Scams/Consumer Alertswww.irs.gov/uac/Tax-Scams-Consumer-Alerts

Report Phishingwww.irs.gov/uac/Report-Phishing

[1] http://www.gao.gov/products/GAO-14-633

[2] http://money.cnn.com/2014/03/18/smallbusiness/tax-cyberscams/


Online Safety for College-Bound Kids

8 online safety rules for college-bound kids

Previous generations didn’t need to have “the digital talk” but in a world where what goes online stays online, it’s essential.

1. The Internet is forever – Think about future employers, including those coveted summer internships Don’t post anything online, including inappropriate photos, which would make a future employer think twice about hiring you. Good judgment is something employers look for, show that you have it.

2. Don’t add your address to your Facebook profile – Keep your address private. Anyone who needs your address can get it from you directly.

3. Don’t broadcast your location – Go ahead and check-in at your favorite coffee place and post photos of you and friends at a concert. Just do it sparingly. People don’t need to know where you are all the time or when your dorm room or apartment might be empty.

4. Don’t “friend” people you don’t know – Be choosy when it comes to friending people on social media. Just because someone sends you a friend request doesn’t mean you have to accept it—especially if you have no idea who they are.

5. Guard your social security number – Your social security number is a winning lottery ticket to a fraudster. It is the key to stealing your identity and taking over your accounts. Keep your social security card locked away in a safe place. Memorize the number so you can minimize using the card itself. Question anyone who asks for your social security card. Employers, banks, credit card companies and the department of motor vehicles are some of the few legitimate entities who may need your social security number. Never give it out online or in email.

6. Don’t use the same password everywhere – All your accounts need a password, but not the same one. Consider using an all-in-one password manager. If you choose this option make sure that you log out of the service when not in use. Get in the habit of locking your computer and shutting it off at night.

7. Beware of emails phishing for personal information – Be very wary of any email with a link that asks you to disclose your credit card details, username, password or social security number. These emails can look official but no bank, or other legitimate business, should email asking for this information.

8. Be Wi-Fi savvy and safe – Free Wi-Fi at coffee shops, libraries and restaurants make these great places to hang out and study. However, free comes at the cost of security. Unsecured networks create the risk of identity theft and other personal information being stolen. Make sure sites you visit use encryption software (website addresses start with https:// and usually display a lock in the browser address bar) to block identity thieves when using public Wi-Fi. Additionally, be careful to avoid using mobile apps that require credit card data or personal information on public Wi-Fi as there is no visible indicator of whether the app uses encryption. In general it’s best to conduct sensitive transactions on a secured private network or through your phone’s data network rather than public Wi-Fi.

Email Do’s and Don’ts


Email has become one of the primary ways we communicate in our personal and professional lives. However, we can often be our own worst enemy when using it. In this newsletter, we will explain the most common mistakes people make and how you can avoid them in your day-to-day lives.


Autocomplete is a common feature that is found in most email clients. As you type the name of the person you want to email, your email software automatically selects their email address for you. This way, you do not have to remember the email addresses of all your contacts, just the recipient’s name. The problem with autocomplete comes when you have contacts that share similar names. It is very easy for autocomplete to select the wrong email address for you. For example, you may intend to send an email with all of your organization’s financial information to “Fred Smith,” your coworker in accounting. Instead, autocomplete selects “Fred Johnson,” your neighbor. As a result, you end up sending sensitive information to unauthorized people. To protect yourself against this, always double check the name and the email address before you hit send.


Most email clients have two options besides the “To” field: Cc and Bcc. “Cc” stands for “Carbon copy,” which means you want to keep people copied and informed. “Bcc” means “Blind carbon copy.” It is similar to Cc, but no one can see the people you have Bcc’ed. Both of these options can get you into trouble. When someone sends you an email and has Cc’ed people on it, you have to decide if you want to reply to just the sender or reply to everyone that was included on the Cc. If your reply is sensitive, you may want to reply only to the sender. If that is the case, be sure you do not use the “Reply All” option, which will include everyone. A Bcc presents a different problem.. When sending a sensitive email, you may want to copy someone privately using Bcc, such as your boss. However, if your boss responds using “Reply All,” all of the recipients will know that your boss was secretly Bcc’d on your original email.

Distribution lists

Distribution lists are a collection of email addresses represented by a single email address, sometimes called a mail list or a group name. For example, you may have a distribution list with the email address group@example.com. When you send an email to that address, the message gets sent to everyone in the group, which could be hundreds or thousands of people. Be very careful what you send to a distribution list, since so many people may receive that message. In addition, be very careful when replying to someone’s email on a distribution list. You may only intend to reply to the individual sender, but if you hit “Reply All,” you will have included the entire distribution list. This means that hundreds (if not thousands) of people will be able to read your private email. Another problem with autocomplete is that it could select a distribution list instead of a single recipient. Your intent may be to email only a single person, such as your coworker Carl at carl@example.com, but autocomplete might accidently send it to a distribution list you subscribed to about cars.


Never send an email when you are emotionally charged. An email written in an emotional state could cause you harm in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you have to vent your frustration, open your email client, make sure it is not addressed to anyone and type exactly what you feel like saying, then when you are done, get up and walk away from your computer, perhaps make yourself a cup of tea. When you come back, delete the email and start over again. Even better, pick up the phone and talk to the person, as it can be difficult to determine tone and intent with just an email.

Email does not have an ‘undo’ button. Whenever you send an email, slow down for a moment and double check what you are sending and to whom before hitting the send button.


Finally, remember that traditional email has few privacy protections. Anyone who gains access to your email can read your messages. In addition, unlike a phone call or personal conversation, you no longer have control over an email once you send it. Your email can easily be forwarded to others, posted on public forums and may remain accessible on the Internet forever. If you have something truly private to communicate, pick up the phone. It is also important to remember that email can be used as legal evidence in many countries. Finally, if you are using your work computer for sending email, keep in mind that your employer may have the right to monitor and read your email. If you use your work computer to access your personal email account, this could include your personal email. Check with your supervisor if you have questions about email privacy at work.


Have a scam-free vacation!

Heading out of town? Make sure you come back with a nice post-vacation glow and not a case of identity theft. Here are some things you can do to lessen the chances you’ll be a victim.

Limit what you carry. Take only the ID, credit cards, and debit cards you need. Leave your Social Security card at home. If you’ve got a Medicare card, make a copy to carry and blot out all but the last four digits on it.

Know the deal with public Wi-FiMany cafés, hotels, airports, and other public places offer wireless networks — or Wi-Fi — you can use to get online. Two things to remember:

  • Wi-Fi hotspots often aren’t secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, the info might be accessed by someone it’s not meant for. If you use a public Wi-Fi network, send information only to sites that are fully encrypted (here’s how to tell), and avoid using apps that require personal or financial information. Researchers have found many mobile apps don’t encrypt information properly.
  • That Wi-Fi network might not belong to the hotel or airport. Scammers sometimes set up their own “free networks” with names similar to or the same as the real ones. Check to make sure you’re using the authorized network before you connect.

Protect your smartphone. Use a password or pin, and report a stolen smartphone — first to local law enforcement authorities, and then to your wireless provider. In coordination with the Federal Communications Commission (FCC), the major wireless service providers have a stolen phone database that lets them know a phone was stolen and allows remote “bricking” so the phone can’t be activated on a wireless network without your permission. Find tips specific to your operating system with the FCC Smartphone Security Checker at fcc.gov.

ATMs and gas stations — especially in tourist areas — may have skimming devices. Scammers use cameras, keypad overlays, and skimming devices — like a realistic-looking card reader placed over the factory-installed card reader on an ATM or gas pump — to capture the information from your card’s magnetic strip without your knowledge and get your PIN. The FBI offers tips to avoid being scammed by a skimmer.

Watch that laptop. If you travel with a laptop, keep a close eye on it — especially through the shuffle of airport security — and consider carrying it in something less obvious than a laptop case. A minor distraction in an airport or hotel is all it takes for a laptop to vanish. At the hotel, store your laptop in the safe in your room. If that’s not an option, keep your laptop attached to a security cable in your room and consider hanging the “do not disturb” sign on your door.

Still, despite your best efforts to protect it, your identity may be stolen while you’re traveling. Here’s what you can do.



eBay Users Should Change Password due to Breach

All eBay users should change their passwords immediately.  Due to a security breach, customer account information for eBay’s millions of users has been compromised.  To reset your password, here is the eBay password-reset page link .

In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. ”  You can read the rest of the blog here.

According to reports and the company, the breach did not affect PayPal systems.  However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password.  It is always best to use a unique password for every online account.

Users should be especially wary of “phishing” attacks.  Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails.  Don’t get tricked – never click links in emails.  Instead, type the website name into your browser for safety.

Did you celebrate Password Day?

May 7th was World Password Day – Did you know that length is more important than complexity for choosing your passwords?  Yup, hackers can crack (guess or determine by force) a “complex” 8 digit code in a few hours – but it takes years to crack a long passphrase, even if it looks simple!  Here’s an example:

9@d3n1Q* – only a few hours to crack!

funky clock arrow pluto = years to crack

*note: a long passphrase is great, but don’t use ONLY lower case letters!

What should we do?  Well, the best practice is a long passphrase using random words.  And, there’s a bonus – it’s easier to remember!  For some fun and great tips on passwords, visit Passwordday.org.

How long should my passphrase be?  Experts recommend twenty or more characters in length.

Should I include some special characters or numbers?  It sure can’t hurt!

OK, but we still use lots of websites and need different passphrases for each.   Even using words from my favorite songs (and mixing them up a bit) it’ll still be hard to remember all my logins.  Luckily, a password manager can help!

Password managers allow you to use one main passphrase, then they auto-generate strong passwords for your logins.  Best of all, they remember all your passwords and do the logging-in for you!  As always, compare products carefully before you choose – to get you started, here’s a review of password managers at PCmag.com, and another review at WSJ.com.




You’ve been hacked! Now what?

From the City of Seattle, Office of Information Security – Bryant Bradbury

Maybe you opened an e-mail attachment you shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Or perhaps you’re running an out-of-date, or unpatched, operating system software (such as Windows XP) and have started to see “antivirus warnings.”  Perhaps your bank called, informing you that there has been some unusual activity on your account. Your friends and family may start complaining about spam messages they are purportedly receiving from you. These are all signs that your computer may have been hacked.

If your computer system has indeed been compromised and infected with a virus or other malware, you need to take action to protect your data and prevent your computer from being used to attack others.

Secure Your Computer

Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions. Links are provided here for Windows users and Mac users.  (In addition, note that support for Windows XP ends effective April 8, 2014. The end of support for Windows XP means that Microsoft will no longer provide new security updates and will therefore become a significant security risk. It is recommended that anyone using Windows XP migrates to products that are supported, such as Windows Vista, Windows 7 or 8.)

Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated here. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.

Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.

Secure Your Accounts

You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts.  It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.

Use separate and unique ID/password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis.  If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.

Secure Your Mobile Device

Our increased reliance on smart devices–including mobile phones and tablets–for everyday activities has resulted in an increased number of hacking attempts against these devices. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.

For More Information

You’ve been hacked, now what?  http://www.net-security.org/article.php?id=1827

Your Email’s Been Hacked! Now What?  http://identitysafe.norton.com/blog/blog/2013/06/03/your-emails-been-hacked-now-what/

You Got Hacked! What Now?  http://www.pcmag.com/article2/0,2817,2403134,00.asp

Hacked: Now What?  http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf

I’ve Been Hacked! Now What?  http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm

You’ve been hacked! Now What?  http://www.doit.wisc.edu/youve-been-hacked-now-what/

THE READER – New immigrant voting rights taskforce

From the Office of Mayor Mike McGinn
News, Updates, and Information


New immigrant voting rights taskforce
Today Mayor Mike McGinn announced several new efforts to support immigrant and refugee communities in Seattle, including the creation of an Immigrant Voting Rights Taskforce. The taskforce, comprised of community leaders, academics and attorneys, will be tasked with making Seattle more voter-friendly for the more than 100,000 Seattle residents who are foreign-born.

“This taskforce will get to the heart of many equity issues in the world of civic engagement for Seattle’s immigrant population,” said McGinn. “We have to strive as a city to meet the needs of all communities in getting their voice heard.”

The taskforce will look at a number of questions, including: more equitable placement of ballot boxes, registration deadlines for individuals who have just become citizens, extra outreach around voting to individuals who have become citizens, and linguistic assistance for non-English speakers. The goal is to evaluate what jurisdiction Seattle has over these issues and strategize how to lift institutional barriers through changes in policy and legislation. The Office of Immigrant and Refugee Affairs, created in 2012, will oversee the taskforce’s work and provide staff support.

Drop-in activities for some Seattle public school students if a strike happens
The City of Seattle announced Friday it will open and staff drop-in activities at 20 designated community centers for Seattle Public Schools students on free and reduced lunch from Kindergarten to 8th Grade if a strike delays the opening of Seattle Public Schools. The free program will operate from 8:00 a.m. to 5:00 p.m. beginning Thursday, September 5 and include supervised recreation activities, with an anticipated supervision ratio of 20 children to 1 adult leader. Seattle Parks and Recreation and the Associated Recreation Council will staff these sites.

To sign up for these services, click here.

28 new or expanded community gardens made possible through 2008 Parks and Green Spaces Levy
Mayor McGinn announced the growth of the city’s P-Patch Community Gardening Program with an increase of 20 new or expanded P-Patch gardens over the past four years, with another eight gardens in the works.

This growth is a result of funding from the 2008 Parks and Green Spaces Levy, which originally provided $2 million for four new gardens. Due to strong partnerships with neighborhood volunteers and community organizations and the leveraging of funds, 22 new or expanded garden projects have been supported with this funding. In addition last December, the Levy Oversight Committee recommended the reallocation of $427,000 in inflationary funds which will support another six projects. In total, 28 projects providing more than 700 additional garden plots will have been added by 2014.

“The spirit of volunteerism in the community and the management of this program has made the public’s investment go much further,” said Mayor McGinn. “As the second largest program in the nation, I’m excited that our city’s P-Patch Program has grown to provide more community members from across the city the opportunity to grow fresh organic food, as well as engaging with their fellow gardeners and neighbors.”

Good news for LGBTQ City employees
Last week the U.S. Department of the Treasury and the Internal Revenue Service (IRS) announced that all same-sex married couples will receive equal treatment under the tax code, regardless of whether their marriage is recognized in the state they reside in. This is great news for married couples in our community who have shouldered significant tax burdens that opposite-sex married couples do not face. For example, City of Seattle employees have been unfairly taxed on the health benefits we offer to their same-sex spouses and their children, potentially costing couples thousands of dollars a year.

With this new direction from the IRS, our Personnel Department is already working with Payroll to figure out the quickest way to stop taxing. They will also provide detailed information on how to file a claim for a refund from the IRS as soon as that information becomes available.

Read more.


THE READER – New funding for more preschool slots

From the Office of Mayor Mike McGinn
News, Updates, and Information WEDNESDAY, JULY 24, 2013New funding for more preschool slots
Mayor McGinn announced the award of approximately $470,000 in funding from the 2011 Families and Education Levy for investments in early learning at three Seattle preschools as part of the City of Seattle’s Step Ahead preschool program:

The 2011 funding increases slots at one existing Levy-funded preschool, Denise Louie Education Center in Seattle’s Beacon Hill neighborhood, and adds two preschools to the Step Ahead program, Seed of Life LLC (southeast Seattle), and Puget Sound Educational Service District (southwest Seattle). The Levy now funds a total of 20 preschool sites operated by 11 community agencies. For a complete list of Step Ahead preschools please see attached chart.

“This new funding will help more children get the early learning they need,” said Mayor McGinn. “Research has shown that high-quality early learning environments are key to a child’s future success in school and beyond.”

The Seattle Human Services Department (HSD), which administers the Step Ahead preschool program, received six applications for nine preschool sites totaling $996,000 in requested funds through a Request for Investment (RFI) process. The RFI sought to contract with a diverse group of providers to deliver preschool services for low- and moderate-income families of three- and four-year-old children who live in the attendance areas of Seattle elementary schools that are eligible for Families and Education Levy funding.

Support for young immigrants eligible for work visas
Today Mayor McGinn announced new City efforts to support young people eligible for work authorizations through the federal Deferred Action for Childhood Arrival (DACA) policy launched by President Barack Obama in June 2012. Individuals age 18 and over can now call the Seattle City Light Service Center at (206) 684-3000 and have their names added to the utility bill for their home, helping to provide a paper trail to prove residency.

“These small changes in the way the City operates can have a big impact on the lives of these young people,” said McGinn. “We have an opportunity here to support immigration reform at the local level. We hope other cities will follow our lead in supporting youth who are eligible for DACA.”

DACA offers a two year grant of reprieve from deportation as well as work authorization for unauthorized immigrants who were under the age of 31 as of June 15, 2012 and entered the United States under the age of 16. This includes many of those who would have been eligible for legal residency under the proposed DREAM Act.

Many DACA-eligible people have reported that one of their greatest challenges is to prove that they have been continuously residing in the United States since their arrival in childhood, after years spent hiding the fact of their residency. The City of Seattle will help DACA-eligible people prove their residency by permitting them to show utility bills with their name listed. Washington State has over 40,000 residents eligible for a work authorization under DACA, many of them currently residing in Seattle.

Improving safety on Northeast 75th Street
Mayor McGinn and City Traffic Engineer Dongho Chang announced last week four proposals for improving road safety by restriping Northeast 75th Street near Nathan Eckstein Middle School. The proposals were developed in partnership between the Seattle Department of Transportation (SDOT) and community residents in response to concerns raised after a tragic DUI-related collision on Northeast 75th Street in March.

“We’ve heard from residents that reducing speeds is a high priority on Northeast 75th Street,” said McGinn. “These proposals can help people slow down as they drive near Eckstein Middle School. We’ll work with the community to determine the best option for moving forward.”

SDOT has worked in collaboration with the community to consider changes to these streets in an effort to bring down speeds and make the roadway safer for students, neighbors and all roadway users. SDOT held three public meetings in April and May where attendees discussed existing conditions and traffic data, and discussed potential improvements. Support for different roadway configurations was one of the most common suggestions SDOT heard from the community in those meetings.

Seattle Children’s Hospital pledges funding for bike share program
Thank you to Seattle Children’s Hospital, which announced a $500,000 grant to Puget Sound Bike Share. The grant will provide adult helmets at future bike-share stations in the Seattle area. Seattle Children’s is the first major Seattle-area employer to invest in the program, which has received $1.75 million in state and federal grants.

“Seattle’s bike-share network will help provide a new option for people to get around, supporting health, safety and vibrant communities,” said Seattle Mayor McGinn. “This program is a partnership with the private sector, and we hope other institutions in our community will step forward to match Seattle Children’s investment.”

Video highlights (for more see http://seattle.gov/mayor/photos/videos.htm):

Seattle Named Hardest-Working City in U.S.

No Shootings or Killings for 363 Days, but the Fight Is Far From Over

Seattle directs contractors to advertise in ethnic media

Dragon Fest a boon to families, businesses

Recent blog posts:
Letter in support of County Ordinance 2013-0285 to protect immigrants and refugees

Upcoming Outreach EventsBlogFacebookTwitterFlickr

Be Super SafeCenter CityEngage SeattleJobs PlanNightlife

Safe CommunitiesSeaFi – SPD 20/20Walk Bike RideYouth and Families

Office of the Mayor
City of Seattle

Dropbox/WordPress threat vectors


Well, isn’t this just special?


–Chinese Cyberespionage Group Using Dropbox and WordPress (July 10, 2013) A Chinese cyberespionage group has reportedly begun using Dropbox and WordPress to spread malware and further its forays into target computer networks. The group is the same one believed to have been responsible for attacks on the New York Times. The attackers register for a Dropbox account, upload the specially crafted content, and share it with targeted users. A memo that purported to be from the US-ASEAN (Association of Southeast Asian Nations) business council was used as bait. Once the targets opened the file, the embedded malware contacts a WordPress blog for commands to reach a command-and-control server.



[Editor’s Note (Pescatore): Sort of a “dog bites man” story, no? A far more interesting story (“man bites dog”) would be: “For the first time in recorded history, going back to the Stone Age, bad guys decided *not* to use the same technology the good guys are using.”

(Henry): We’ve monitored this adversary for several years, and this latest tactic demonstrates their continued evolution.  Defenders filter outbound ports, and the adversary uses C2 sites that are difficult or impossible for administrators to block…yet another example of electronic “cat and mouse.”]