Form 5500 and E-Filing
June 15, 2010

This year, the Department of Labor is requiring Benefit Plan returns filed on Form 5500 (not the 5500-EZ, though) to be electronically filed. For authorized signers of Benefit Plan returns, you have 2 areas of concern, and both will require Internet access. First, you will sign up for a User ID, Password and PIN from the Department of Labor. Then, you will review and electronically sign (or reject) the return.

Sign up at the Department of Labor’s Web Site

The first thing to do is to open a web browser, like Internet Explorer or Firefox or Chrome, and go to this address: http://www.efast.dol.gov to sign up.

· Once here, either find the Register link under the Main heading on the left, or the register link at the end of the Welcome section of the text on the right side of the screen. Either one will take you to the first page, which has you agreeing not to commit fraud, etc. You should read through this agreement; among other things you need to know, you will be required to allow session cookies. Most folks have their browsers set up for this as the default; you shouldn’t have to worry about any of the technical, Internet side of things. But if you are having a problem, please contact us, and we will help you solve any of these issues. When you have read this first agreement, click the “I have read the agreement” checkbox, and then click the Accept Agreement button at the bottom.
· The next screen is the usual name and address information, until you get to the bottom. Fill in your information, especially the email address, and then at the bottom, click the “Filing Signer” checkbox, then click Next.
· Next you will be asked to set up a challenge question and answer. You will need this for a future step. You can choose either your date of birth or your place of birth, and then fill in the answer, then click Next.
· Here you will view a summary of all that you have filled in on their form. If all is right, click the Submit button.
· You will be informed on the next screen that you have been sent an email. This finishes this Internet session. Check your email; as soon as one comes from the Department of Labor, open it and click on the first link to their web page. The next Internet session will now begin.
· When the web page opens, you will be asked to answer the challenge question you set up earlier. Once you put in your answer and click Next, you will have a new agreement to agree to, about the use of the PIN you will be assigned. It tells you what the PIN can be used for, and not to share it with anyone, and what to do if it is lost or stolen. Click the “I have read this agreement” check box, and then the Accept Agreement button.
· The next screen shows you most of the information you now need in order to electronically sign Form 5500 returns. Print this information out, and keep it with you, as we will need it for the next step. Click the Next button once you have the printed copy in hand.
· You will now have to create a password. It must be between 10 and 16 characters long, and must include at least one numeral and one letter, but not include spaces. This password is case sensitive, so be careful as you type it in. Write it down on the paper you just printed out. Click the Save button when you are finished.
· You are now at the Confirmation screen. You have finished everything you need. To test and make sure all your information works, click the Login button, and then fill in your User ID from the paper you printed out, and the password you just created. It should take you to a summary screen if all is working properly.

That’s the process to get your electronic signature information. If you have any questions, please do not hesitate to contact us.

Review and accept or reject the Form 5500 Return

When your preparer has finished your Benefit Plan return, you will be sent an email from your preparer with a link to a web page in it. If you are unable to get to the web page with this link, you can type in the following: https://tax-esign.intuit.com/esig/ making note of the https at the beginning. Enter your email address, your plan number, and your EIN. All of this information is in the email you will receive. Then, click the I Agree To The Terms check box, and click the “Sign In” button.

You will get a Welcome screen, and see some basic information about what happens when you submit your electronic signature. Click the “Let’s Go” button. This next screen has all the information for you, including your complete return. At the lower left, click the “Complete Return for…” your plan name link, and you will be shown a copy of the Form 5500 return for your review. If the plan meets your approval, you will fill your information in on the right side of this screen.

The web site allows you 30 minutes to review the return. If you need longer than this, you can save a copy of the return to your computer. If the web site says you have used up your time, you can sign back in later, and have another 30 minutes, or if you are reviewing the return on your hard drive, just sign back in to the web site to complete the electronic signature process.

After reviewing the return, if you agree that all the information is correct and you are ready to submit it to the Department of Labor, enter your User ID, and your PIN twice, and click the “Sign” button. If the return needs to be corrected, you can click the “Reject” button. If you have rejected the return, please call your preparer and discuss the changes that need to be made.

If you have clicked the Sign button, you have finished your electronic signature process. If you rejected it, and are working with your preparer to update or correct the return, you will be sent a new email when the updated return is ready for you to review, and will go through the process outlined above once more.

Again, if you have any questions, please do not hesitate to contact us. Thank you.
Scary Software
March 2, 2010

In the last 18 months or so, we have seen the growing occurrence of a different type of malware attack. It has picked up the name of Scareware, because its authors are attempting to scare you into doing something you would not normally do.

It works like this. You can be innocently surfing the web, visiting innocuous web sites, when all of a sudden, a pop-up appears. Sometimes it is a warning, telling you your system has been compromised, and that you are infected with 17, 34, 219, or even more viruses, trojans, spyware, or other malicious and bad things. Sometimes a fake scanner window will pop up, and look like it is scanning your system for malware. They will display a shield icon that is very close to Microsoft's shield for looks, and will have great names like XP Antivirus 2010 or Malware Defender. "And you can cure all your ills right now! Just click here... "

Whatever you do, don't do it! This is the behavior they are trying to scare you into. $34.95 seems a small price to pay to clean up your system, but these people are not trying to help you. First of all, they are infecting your system. Second, if you click on any of their buttons, you will become even more infected. Third, if you give them payment, they could clean you out, or sell your number to someone else who will do it. Fourth, they will infect you with other things, like key loggers, that watch what you type and collect even more information about you, like banking site login info, etc. Fifth, with all of this being loaded on your computer, you will slow down, sometimes to a crawl, sometimes to a complete halt. Sixth, when these programs get rooted in your system, they then actively look for software programs that could remove them, and block them from working, making the removal process harder than it already is. And, seventh, the longer you wait, the harder it is to remove these programs from your system, raising the likelihood that your computer will have to be reformatted in order to get it to run.

Before any of these things happen, install a couple of pieces of software. The first is one with the strange name of Malwarebytes. They have both a free and a paid version available, but both do a stellar job of removing all sorts of malware. Make sure, though, that you download it from either their web site (malwarebytes.org) or from a reputable repository, like download.com or the venerable tucows.com, among others. Then, the process is to first update it (new updates are available every day), and then run a complete or full scan of your system.

The second software I use is called Ccleaner, which removes temporary files, and can go through the registry and keep it neat and trim. Other programs like this are available, but I like this one, as it is not overly aggressive in the registry, where some programs can actually pull valid information out of it by mistake. I have never had that issue with Ccleaner.

So, be careful out there, keep your cool, and be prepared ahead of time for when, not if, something like this will happen to you.

Bob
Another Email To Watch
October 27, 2009

I am fascinated at all the attempts I receive through email, attempting to get me to release some of my personal information. These guys are creative! That doesn't mean I like them, though.

Today, I got one that looks like it came from the FDIC, informing me that my bank has failed. With all the news that came out last Friday on failed banks, with the number of failures at an alarming 106 for the year, this did get my attention. However, I was immediately suspicious, and you should be too, when you get unsolicited email from anywhere. First, nowhere does it name the bank, great big red flag number two (the first is that it was un-asked for). And, my spam service caught this email, so it didn't actually come into my inbox.

So, I started to do a little checking. First stop: the IP address. Every email has an address in it, showing where it came from, so I went to one of the many web sites that you can plug an IP address into, and they will give you some generic information: which country, which company serves as the Internet Service Provider (ISP), basic stuff. And, lo and behold, the point of origin for this email was not Washington, DC, but the Netherlands.

Next stop was the FDIC web site. I put a couple of words from the email as terms in their search box in the upper right-hand corner of their web page, and found - as you may have guessed - a consumer fraud alert. A bogus email. And, I don't even know what would happen if I click on the link, nor am I interested enough to actually click on it and find out. But I'm sure I would not like the result.

Don't fall for their tricks. Don't assume that, because it is something you are interested in, it is "from" a company you do business with, or that you might even make some money out of the deal, that it is legitimate. Check it out! Check it out! Check it out!

Bob Edgar
Last Updated on Tuesday, 27 October 2009 09:20
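The IP check described in the post above can be done straight from the message headers. The following is an added example, not part of the original post: it reads the Received headers of a constructed sample message and returns the address that handed the mail to the recipient's own servers, which is the only hop the sender cannot forge. The host names, the `.recipient.example` suffix and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message, not the e-mail from the post. The oldest
# Received line was written by the sender and is there to look official.
SAMPLE_EMAIL = """\
Received: from mx.recipient.example ([10.0.0.5])
 by mailstore.recipient.example; Tue, 27 Oct 2009 08:01:12 -0400
Received: from unknown (HELO fdic.gov) ([203.0.113.77])
 by mx.recipient.example; Tue, 27 Oct 2009 08:01:10 -0400
Received: from mail.fdic.gov ([192.0.2.10])
 by smtp.fdic.gov; Tue, 27 Oct 2009 08:00:59 -0400
From: "FDIC" <alert@fdic.gov>
To: someone@recipient.example
Subject: Important information about your bank

Body text.
"""

# Hops inside the recipient's own network say nothing about the sender.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def received_hops(raw_message):
    """Return (from_ip, by_host) for every Received header, newest first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        from_part = flat.partition(" by ")[0]   # IP of the connecting host
        ip_match = BRACKETED_IP.search(from_part)
        by_match = BY_HOST.search(flat)
        try:
            ip = ipaddress.ip_address(ip_match.group(1)) if ip_match else None
        except ValueError:                      # e.g. [999.1.1.1]
            ip = None
        hops.append((ip, by_match.group(1) if by_match else None))
    return hops


def origin_ip(raw_message, trusted_suffix):
    """IP that delivered the message to a server we run ourselves.

    Headers are read newest first. As soon as a header was not written by
    one of our own servers, everything from there down is sender-supplied
    and is ignored.
    """
    for ip, by_host in received_hops(raw_message):
        if by_host is None or not by_host.endswith(trusted_suffix):
            break
        if ip is not None and not is_internal(ip):
            return ip
    return None


if __name__ == "__main__":
    print("address to look up:", origin_ip(SAMPLE_EMAIL, ".recipient.example"))
    print("oldest header claims:", received_hops(SAMPLE_EMAIL)[-1][0])
```

The address returned by `origin_ip` is the one to plug into a lookup site; the bottom-most header is the one a forger controls.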
Ten Faces of Computer Malware
From: TechRepublic.com
By: Michael Kassner

With all the different terms, definitions, and terminology, trying to figure out what’s what when it comes to computer malware can be difficult. To start things off, let’s define some key terms that will be used throughout the article:
- Malware: Is malicious software that’s specifically developed to infiltrate or cause damage to computer systems without the owners knowing or their permission.
- Malcode: Is malicious programming code that’s introduced during the development stage of a software application and is commonly referred to as the malware’s payload.
- Anti-malware: Includes any program that combats malware, whether it’s real-time protection or detection and removal of existing malware. Anti-virus, anti-spyware applications and malware scanners are examples of anti-malware.
One important thing to remember about malware is that like its biological counterpart the number one goal is reproduction. Causing damage to a computer system, destroying data, or stealing sensitive information are all secondary objectives. Keeping the above definitions in mind, let’s take a look at 10 different types of malware.

1: The infamous computer virus

A computer virus is malware that’s capable of infecting a computer but has to rely on some other means to propagate. A true virus can only spread from the infected computer to a non-infected computer by attaching to some form of executable code that’s passed between the two computers. For example, a virus could be hidden in a PDF file attached to an e-mail message. Most viruses consist of the following three parts:
- Replicator: When the host program is activated, so is the virus and the viral malcode’s first priority is to propagate.
- Concealer: The computer virus can employ one of several methods to hide from anti-malware.
- Payload: The malcode payload of a virus can be purposed to do just about anything, from disabling computer functions to destroying data.
Some examples of computer viruses currently in the wild are W32.Sens.A, W32.Sality.AM, and W32.Dizan.F. Most quality anti-virus software will remove computer viruses once the application has the signature file for the virus.

2: The ever popular computer worm

Computer worms are more sophisticated than viruses, being able to replicate without user intervention. If the malware uses networks (Internet) to propagate it’s a worm rather than a virus. The main components of a worm are:
- Penetration tool: Malcode that leverages vulnerabilities on the victim computer to gain access.
- Installer: The penetration tool gets the computer worm past the initial defense mechanism. At that point the installer takes over and transfers the main body of malcode to the victim.
- Discovery tool: Once settled in, the worm uses several different methods to discover other computers on the network, including e-mail addresses, Host lists, and DNS queries.
- Scanner: The worm uses a scanner to determine if any of the newly-found target computers are vulnerable to the exploits available in its penetration tool.
- Payload: Malcode that resides on each victim’s computer. Could be anything from a remote access application to a key logger used to capture user names and passwords.
This category of malware is unfortunately the most prolific, starting with the Morris worm in 1988 and continuing today with the Conficker worm. Most computer worms can be removed by using malware scanners such as MBAM or GMER.

3: The unknown backdoor

Backdoors are similar to the remote access programs that many of us use all the time. They’re considered malware when installed without permission, which is exactly what an attacker wants to do, by using the following methods:
- One installation method used is to exploit vulnerabilities on the target computer.
- Another approach is to trick the user into installing the backdoor through social engineering.
Once installed, backdoors allow attackers complete remote control of the computer under attack. SubSeven, NetBus, Deep Throat, Back Orifice, and Bionet are backdoors that have gained notoriety. Malware scanners like MBAM and GMER are usually successful at removing backdoors.

4: The secretive trojan horse

It’s difficult to come up with a better definition for trojan horse malware than Ed Skoudis and Lenny Zeltser did in their book Malware: Fighting Malicious Code:

“A trojan horse is a program that appears to have some useful or benign purpose, but really masks some hidden malicious functionality.”

Trojan horse malware cloaks the destructive payload during installation and program execution, preventing anti-malware from recognizing the malcode. Some of the concealment techniques include:
- Rename the malware to resemble files that are normally present.
- Corrupt installed anti-malware to not respond when malware is located.
- Polymorphic code is used to alter the malware’s signature faster than the defensive software can retrieve new signature files.
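The first concealment technique in the list above, a file named to resemble one that is normally present, is something a defender can check for directly. The following is an added example, not from the original article: it classifies process image paths against a short allowlist of well-known Windows system binaries and flags both a system name running from the wrong directory and a near-miss spelling of a system name. The allowlist, the edit-distance threshold of 2 and the sample paths are assumptions chosen for illustration; a real deployment would need a fuller list.

```python
import ntpath

SYS32 = r"c:\windows\system32"
WOW64 = r"c:\windows\syswow64"

# Assumed allowlist: system binary name -> directories it normally runs from.
EXPECTED_DIRS = {
    "svchost.exe": (SYS32, WOW64),
    "lsass.exe": (SYS32,),
    "services.exe": (SYS32,),
    "csrss.exe": (SYS32,),
    "smss.exe": (SYS32,),
    "winlogon.exe": (SYS32,),
    "explorer.exe": (r"c:\windows", WOW64),
}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return 'ok' or a short reason why the path looks like a disguise."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED_DIRS:
        if directory in EXPECTED_DIRS[name]:
            return "ok"
        return "system name in unexpected directory"
    # Not an exact system name: is it one or two keystrokes away from one?
    for known in EXPECTED_DIRS:
        if edit_distance(name, known) <= 2:
            return "lookalike of " + known
    return "ok"


def scan(paths):
    """Return (path, reason) for every path that is not classified 'ok'."""
    findings = []
    for path in paths:
        verdict = classify(path)
        if verdict != "ok":
            findings.append((path, verdict))
    return findings


# Constructed process listing for the demonstration.
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Example\editor.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PROCESSES):
        print(path, "->", reason)
```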
Vundo is a prime example; it creates pop up advertising for rogue anti-spyware programs, degrades system performance, and interferes with Web browsing. Typically, a malware scanner installed on a LiveCD is required to detect and remove it.

5: Adware/Spyware, more than an annoyance

Adware is software that creates pop-up advertisements without the user’s permission. Typically the way adware gets installed is by being a component of free software. Besides being very irritating, adware can significantly decrease computer performance.

Spyware is software that collects information from your computer without your knowledge. Free software is notorious for having spyware as a payload, so reading the user agreement is very important. The Sony BMG CD copy protection scandal is probably the most notable example of spyware.

Most quality anti-spyware programs will quickly find unwanted adware/spyware and remove it from the computer. It’s also not a bad idea to regularly remove temp files, cookies, and browsing history from the Web browser program as preventative maintenance.

Malware stew

Up until now, all the malware discussed has distinctive characteristics, making each type easy to define. Unfortunately that’s not the case with the next categories. Malware developers have figured out how to combine the best features from different types of malware in an attempt to improve their success ratio.

Rootkits are an example of this, integrating a trojan horse and a backdoor into one package. When used in this combination, an attacker can gain access to a computer remotely and do so without raising any suspicion. Rootkits are one of the more important combined threats, so let’s take a deeper look at them.

Rootkits: Uniquely different

Rootkits are in a class all their own, choosing to modify the existing operating system instead of adding software at the application level like most malware. That’s significant, because it makes detection by anti-malware that much more difficult.
There are several different types of rootkits, but three make up the vast majority of those seen in the wild. They are user-mode, kernel-mode, and firmware rootkits. User-mode and kernel-mode may need some explanation:
- User mode: Code has restricted access to software and hardware resources on the computer. Most of the code running on your computer will execute in user mode. Due to the restricted access, crashes in user mode are recoverable.
- Kernel mode: Code has unrestricted access to all software and hardware resources on the computer. Kernel mode is generally reserved for the most trusted functions of the operating system. Crashes in kernel mode aren’t recoverable.
6: User-mode rootkits

It’s now understood that user-mode rootkits run on a computer with the same privileges reserved for administrators. This means that:
- User-mode rootkits can alter processes, files, system drivers, network ports, and even system services.
- User-mode rootkits remain installed by copying required files to the computer’s hard drive, automatically launching with every system boot.
Hacker Defender is one example of a user-mode rootkit and luckily Mark Russinovich’s well-known application Rootkit Revealer is able to detect it as well as most other user-mode rootkits.

7: Kernel-mode rootkits

Since rootkits running in user-mode can be found and removed, rootkit designers changed their thinking and developed kernel-mode rootkits:
- Kernel-mode means the rootkit is installed at the same level as the operating system and rootkit detection software.
- This allows the rootkit to manipulate the operating system to a point where the operating system can no longer be trusted.
Instability is the one downfall of a kernel-mode rootkit, typically leading to unexplained crashes or blue screens. At that point, it might be a good idea to try GMER. It’s one of a few trusted rootkit removal tools that has a chance against kernel-mode rootkits like Rustock.

8: Firmware rootkits

Firmware rootkits are the next step up in sophistication, with rootkit developers figuring out how to store rootkit malcode in firmware. The altered firmware could be anything from microprocessor code to PCI expansion card firmware. This means that:
- When the computer is shut down the rootkit writes the current malcode to the specified firmware.
- Restart the computer and the rootkit reinstalls itself.
Even if a removal program finds and eliminates the firmware rootkit, the next time the computer starts, the firmware rootkit is right back in business.

9: Malicious mobile code

In relative anonymity, malicious mobile code is fast becoming the most effective way to get malware installed on a computer. First, let’s define mobile code as software that’s:
- Obtained from remote servers.
- Transferred across a network.
- Downloaded and executed on a local system.
Examples of mobile code include JavaScript, VBScript, ActiveX controls, and Flash animations. The primary idea behind mobile code is active content, which is easy to recognize. It’s the dynamic page content that makes Web browsing an interactive experience.

What makes mobile code malicious? Installing it without the owner’s permission or misleading the user as to what the software does. To make matters worse, it’s usually the first step of a combined attack, similar to the penetration tool used by trojan horse malware, after which the attacker can install additional malware. The best way to combat malicious mobile code is to make sure that the operating system and all ancillary software are up to date.

10: Blended threat

Malware is considered a blended threat when it seeks to maximize damage and propagate efficiently by combining several pieces of single-intentioned malcode. That said, blended threats deserve special mention as security experts grudgingly admit they’re the best at what they do. A blended threat typically includes the following abilities:
- Exploit several known vulnerabilities or even create vulnerabilities.
- Incorporate alternate methods for replicating.
- Automate code execution, which eliminates user interaction.
Blended threat malware, for example, may send an HTML e-mail message containing an embedded trojan horse along with a PDF attachment containing a different type of trojan horse. Some of the more famous blended threats are Nimda, CodeRed, and Bugbear. Removing blended threat malware from a computer may take several different pieces of anti-malware as well as using malware scanners installed on a LiveCD.

Final thoughts

Malware: is it even possible to reduce the harmful effect it causes? Here are a few final thoughts on that subject:
- Malware isn’t going away any time soon. Especially when it became evident that money, lots of money can be made from its use.
- Since all anti-malware applications are reactionary, they are destined to fail.
- Developers who create operating system and application software need to show zero tolerance for software vulnerabilities.
- Everyone who uses computers needs to take more ownership in learning how to react to the ever-changing malware environment in.
- It cannot be stressed enough, please make sure to keep operating system and application software up to date.
Another Telephone Scam - Or Is It?

I got an email recently from a reasonably trustworthy source, that was forwarded from someone else, about a scam that "is going around." Normally, when I hear something like this, the red flags usually go up. I've had so many well-meaning folks send me forwarded emails that have been total hoaxes, that I usually take a quick trip to one of my favorite web sites and check anything like this out, as I did in this case. That web site is called Snopes, and I have found over the years that they do a lot of good research into whether anything like this is the real scoop, or just something that someone else is passing along. And they did indeed have something on this particular email.

This email works to inform people, "DON'T DIAL AREA CODE 809" (sorry about the all caps – that’s the way the email was formatted). Then it goes on to talk about how you could be charged $2425 per minute for dialing this area code. The email then explains that this works because certain foreign countries (pretty much all based in the Caribbean) don’t need to have the extra “011” added to the front of their phone number in order to call their country. The list of prefixes given is 809, 284 and 876 (they could have added 758 and 664 as well). They claim that your phone bill could be more than $24,000 from this kind of call, and that there is no recourse. Then they give a link to an AT&T web site (I checked it out; it's a legitimate link).

A lot of this is true, so this is not strictly a hoax, but common sense and further research need to take hold here. The area codes they list really are legitimate, foreign-country area codes, and you can dial them without the “011”. These countries do not have to follow our rules for pay-for-call numbers, which include informing you that this call will cost you. It will seem just like a regular call. And the link to AT&T led to a web page that gave some very good advice.

But, phone companies are giving some recourse on these types of calls, charges are being removed, and the dollar amounts are exaggerated. Nor is this a very prevalent scam. Oh, and you can call this area code without the massive charges, if you know who you are calling. Not all numbers in these area codes are scam numbers.

You can also go to the FTC website (ftc.gov) and find some information on this, which is where I got the other two area codes. Websites also exist that allow you to look up area codes; just search in your favorite web search engine for area code lookup. And don’t just forward emails without checking them out; hoax emails are another form of spam! More on this in another article.

As always on the web, have fun, but be safe.

Bob