With Tax Season Comes Cyber Theft
Tax season can be a nerve-wracking, even confusing time as people rush to gather paperwork and file all their documents on time.
It’s a busy time for CPA’s as well. With constantly changing tax forms and regulations, they have to educate their clients on how to file correctly and efficiently.
With that said, it’s important for both tax payers and accountants to remain vigilant of tax-related cyber-attacks.
Prepare For Ransomware
The number of ransomware attacks have increased since the rising demand for remote work, and sensitive tax information has become more vulnerable to hackers. In many cases, cyber criminals freeze files and data until accounting firms pay a ransom.
However, just because the ransom is paid it doesn’t guarantee they won’t use the stolen data afterward. The most recent tactic employed by hackers is to extort a CPA by threatening to release the data online or sell it to interested parties.
This is done now because companies are backing up their data more frequently and can simply undo the freeze by recovering data from a point before it was infected with malware. In this case, the target can avoid the ransom payment altogether.
In response to properly secured data backed up on the cloud, cyber criminals are instead choosing to use the extracted data itself as leverage.
Some of you might be asking, “If hackers can extort my company by threatening to release client data instead of freezing it, what’s stopping them from doing it indefinitely?”
The answer is: there isn’t. In theory, once your data has been obtained the thieves can use it in any way they deem profitable. There are even instances hackers receiving the payment and continuing to use the data to file false returns.
Once they have the data, hackers rush to file taxes electronically before the victim can. If the victim is too late, when they attempt to file taxes, the IRS will reject their submission. This is because the IRS refuses tax returns when there are filings with duplicate Social Security numbers. Sometimes, scammers will pose as the IRS through phone calls and emails. Here are some facts to consider if you’re ever in this situation:
Cyber Scams Come in Many Forms
A vast amount of phishing campaigns are conducted by hackers during tax season. Emails, phone calls, SMS and text messaging are all mediums hackers use to manipulate targets. Some quick tips to help avoid a cyber breach are as follows:
Ignore Robocalls and Unfamiliar emails.
Anyone claiming to be the IRS through a phone call is obviously a scammer. But, hackers are getting more sophisticated. Hyper targeted email content is the best way a hacker can manipulate their victim to open an infected attachment or link.
The rule of thumb for safe emailing is not to share information with unconfirmed or unknown email accounts.
Hackers will pose as the IRS emailing clients a “tax transcript” as a way to get them to up social security numbers, passwords, credentials etc. Frauds use this ploy constantly. Any email that requests you provide sensitive data, no matter how legitimate it appears should raise alarm.
Encrypt, store and track all data.
As previously mentioned, Cyber criminals are getting more creative. There have been instances of hackers changing the address of a business so that notifications get redirected to another location.
Luckily, software exists to better vet and evaluate business returns.
This example illustrates the point that a breach might not have immediate red flags. Therefore, keep all data secure and encrypted.
Always send or input data on secure websites when needed. If you have data stored in the cloud, check that the provider follows the appropriate compliance mandates for security. Also, verify that they have a security plan and tools in place to guarantee your data remains in your possession alone.
What is the Biggest Threat to Your Business?
91 percent of all cyber attacks come in the form of phishing scams.
The reason for this is simple, people will always be any organizations greatest vulnerability.
Taking the steps required to recognize and prevent a phishing attack is the first second and third priority of firms, businesses, and clients alike. All of the security and high-grade protection in the world is useless in the face of a careless user. There is only so much cyber security can do.
In the same tax professionals adapt to changing tax codes and policies, they should adapt to the shifts and changes in cyber attacks.