It's tax time, which also means it’s tax-scam time. Similar to the heightened risks during the holidays, now is an important time to remain alert for unusual phishing activity.
Tax forms are a treasure trove of information, including names, addresses, social security numbers and wages. Accounting and financial personnel responsible for handling employee W-2’s are particularly at risk for being targeted this season. If someone in this role becomes victim, cybercriminals are rewarded with even greater gains.
However, any regular tax payer who files electronically should also be aware that you could be targeted, too. Using sophisticated phishing tactics, cybercriminals will attempt to gain access to your files and commit acts of fraud, such as filing fake tax returns to obtain a refund.
Spamming is a relatively cheap and easy way for cybercrimials to gain access to your information. They send hundreds of thousands of email messages across the globe, and it will turn a profit if the right messages get in front of just a few of the right targets.
There were reports this past holiday season of criminals luring users in with the promise of inexpensive gifts or information about a package in transit. Unsuspecting users respond with sensitive information like user names, passwords, and financial information. Users don’t even have to type anything in to give the criminals something to work with: merely clicking “unsubscribe” will prove to the criminal that your email address is valid. Your “unsubscribe” request is ultimately just an invitation to send more spam.
Another common tactic that has been reported is phone extortion. In a recent news release, ADP LLC, a national provider of human resource management software and services, said it has received numerous complaints from customers about being contacted for outstanding taxes. The scammers are spoofing phone numbers, and posing as representatives from the IRS, a payroll company like ADP, and other legitimate businesses. The scammers claim the person will be arrested if they do not pay for tax liabilities over the phone. This false urgency creates fear and scares people into giving up their information.
What can be done to prevent an attack?
Tax scams will continue to pop up at the start of every year, so it’s important to remind your financial staff and employees not to fall prey to them. The sophistication and increasing number of attacks point to the need to enforce stricter corporate policies. W-2’s and other sensitive personal information should not be shared via unencrypted email.
With the right technology in place, the right filters enabled, most scams can be blocked and/or spotted easily. In the event an employee does fall for these kinds of tax-related scams, it's important to take action as soon as the mistake is detected to help avoid further fraud from occurring.
Little can be done to prevent a criminal from picking up the phone or sending a bogus email, but here are a few things you can do to protect yourself and your business:
For more information about how to identify phishing attacks and security best practices, contact your VCIO or visit the News page of our website.