
How CPAs Can Stay Safe During Tax Season

With Tax Season Comes Cyber Theft

Tax season can be a nerve-wracking, even confusing time as people rush to gather paperwork and file all their documents on time.

It’s a busy time for CPAs as well. With constantly changing tax forms and regulations, they have to educate their clients on how to file correctly and efficiently.

With that said, it’s important that both taxpayers and accountants remain vigilant against tax-related cyber-attacks.

Prepare For Ransomware

Ransomware attacks are increasing and sensitive tax information is valuable to a hacker. In many cases, cyber criminals freeze files and data until accounting firms pay a ransom.

However, paying the ransom doesn’t guarantee they won’t use the stolen data afterward. The most recent tactic employed by hackers is to extort a CPA by threatening to release the data online or sell it to interested parties.

This is done now because companies are backing up their data more frequently and can simply undo the freeze by recovering data from a point before it was infected with malware. In this case, the target can avoid the ransom payment altogether.

In response to properly secured data backed up on the cloud, cyber criminals are instead choosing to use the extracted data itself as leverage.

Some of you might be asking, “If hackers can extort my company by threatening to release client data instead of freezing it, what’s stopping them from doing it indefinitely?”

The answer is: nothing. In theory, once your data has been obtained, the thieves can use it in any way they deem profitable. There are even instances of hackers receiving the payment and continuing to use the data to file false returns.

Once they have the data, hackers rush to file taxes electronically before the victim can. If the victim is too late, when they attempt to file taxes, the IRS will reject their submission. This is because the IRS refuses tax returns when there are filings with duplicate Social Security numbers. Sometimes, scammers will pose as the IRS through phone calls and emails. Here are some facts to consider if you’re ever in this situation:

Tax Season IRS Phishing Hints Stats

Cyber Scams Come in Many Forms

A vast number of phishing campaigns are conducted by hackers during tax season. Emails, phone calls, SMS and text messaging are all mediums hackers use to manipulate targets. Some quick tips to help avoid a cyber breach are as follows:

Ignore Robocalls and Unfamiliar emails.

Anyone claiming to be the IRS through a phone call is obviously a scammer. But hackers are getting more sophisticated. Hyper-targeted email content is the best way a hacker can manipulate their victim into opening an infected attachment or link.

The rule of thumb for safe emailing is not to share information with unconfirmed or unknown email accounts.

Hackers will pose as the IRS, emailing clients a “tax transcript” as a way to get them to give up Social Security numbers, passwords, credentials, etc. Fraudsters use this ploy constantly. Any email that requests you provide sensitive data, no matter how legitimate it appears, should raise alarm.

Encrypt, store and track all data.

As previously mentioned, cyber criminals are getting more creative. There have been instances of hackers changing the address of a business so that notifications get redirected to another location.

Luckily, software exists to better vet and evaluate business returns.

This example illustrates the point that a breach might not have immediate red flags. Therefore, keep all data secure and encrypted.

Always send or input data on secure websites when needed. If you have data stored in the cloud, check that the provider follows the appropriate compliance mandates for security. Also, verify that they have a security plan and tools in place to guarantee your data remains in your possession alone.

91 percent of all cyber attacks come in the form of phishing scams.

The reason for this is simple: people will always be any organization’s greatest vulnerability.

Taking the steps required to recognize and prevent a phishing attack is the first, second, and third priority of firms, businesses, and clients alike. All of the security and high-grade protection in the world is useless in the face of a careless user. There is only so much cyber security can do.

In the same way tax professionals adapt to changing tax codes and policies, they should adapt to the shifts and changes in cyber attacks.


Tax Security Week: 5 Common Holiday Tax Scams

With December fast approaching, most people are gearing up for the holidays. Some, however, are preparing to steal personal and financial data ahead of tax filing season in 2020. That’s why the IRS announced its 4th annual National Tax Security Awareness Week.

The IRS received five to seven reports weekly from tax firms that experienced data theft in 2018’s tax season. Identity theft is a major issue for small businesses.

In the spirit of everyone’s favorite season (tax season), the IRS and Security Summit partners will remind businesses, taxpayers and professionals alike to update their online security. Because of the upcoming holidays, people are vulnerable to all kinds of social engineering scams.

Modern IT solutions for accounting firms can assess emails and flag suspicious activity. However, responsibility falls on individuals, whether executives or employees, to protect themselves against tax-related scams too.

IRS tax scams are common because cyber criminals are most effective when they hide behind authority. They typically feature spam emails redirecting users to malware-infected sites. Sometimes they’ll come with a malicious attachment that carries spyware or malware.

These emails contain an image banner or watermark of the IRS to appear legitimate. Furthermore, the emails often come with fake W-8BEN forms attached to reinforce this legitimacy.

1. W-2 Scams

One of the biggest scams employers face is the W-2 scam, especially during tax season.

W-2 phishing scams involve a cybercriminal impersonating a company executive in an email. The email is sent to someone in HR or accounting, someone with access to employee W-2 forms. And of course, it comes with a subject line claiming it is urgent.

The request will look formal and polite so as not to raise suspicion. The employee then collects all employee tax information and sends it back to the fake executive.

It’s as simple as that.

2. “Locked Accounts”

Accounting services like TurboTax have also been impersonated by cybercriminals notifying clients that their accounts have been locked. The email will feature a link taking the target to a fraudulent website where they submit their personal information.

3. “Update Information”

It’s not uncommon for an accounting client to receive an email notifying them that because of the incoming tax season, they need to update their tax filing information.

4. “Refunds”

In some cases, emails entice victims with incentives like tax refunds. It isn’t difficult to see why these would be successful. A business owner finds an email claiming the IRS owes them money and they are less likely to raise questions.

5. Holiday Scams

Over 75 percent of Americans shop online for the holidays, and many of those Americans have full-time jobs working in industries containing sensitive data. The greatest cyber security risk in any industry across the board is an employee. An even greater risk is an employee eager to get their holiday shopping out of the way.

Employees and business owners start shopping online for gifts, and cybercriminals are there ready to shoplift sensitive data. Social engineers, hackers and cybercriminals take advantage of the holiday season to send fake invitations and holiday deals from places frequented by their targets.

Shopping Spear Phishing fraud

Advanced spear phishing techniques can come disguised as a great online offer from your favorite online shopping site. I’m not referring to a popular shopping site; I’m talking about the site you specifically shop on. A cybercriminal will mine your social media and online activity until they have everything they need to create a counterfeit email you’re likely to click on.

That’s why it’s important to only use work email for work-related matters. Many breaches happen because employees make the simple mistake of subscribing to online sites and programs with their work email.


Protecting Client information is protecting yourself

The Gramm-Leach-Bliley Act of 1999 requires all financial services organizations to have an information security plan to ensure the safety of sensitive client data. In other words, all finance organizations have to demonstrate what security measures they have in place to protect client information.

If a financial firm fails to take the proper security measures, independent of a breach, they could face penalties. Therefore, seeking guidance from cyber experts, like Nerds Support, for security-related issues is recommended.

But in the meantime, check out our blog for more articles on phishing, cyber security and compliance.


Renew Your Tax ID Number & Secure Your Data

The Importance of Data Security

It’s time to renew your preparer tax identification number (PTIN) for 2020. A data security responsibilities statement was added to the PTIN renewal process. It was added to keep you aware of your legal obligation to have a data security plan and data protection for taxpayer information. This is due to the Safeguard Rule. The Safeguard Rule states, “financial institutions must protect the consumer information they collect.”

As cyber-criminals continue to attack CPA firms, data security becomes more important. Accounting firms hold important and sensitive client information that hackers can use to get access to accounts or sell on the dark web. In fact, 71% of cyber breaches are financially motivated, according to a Verizon report on cyber-attacks in 2019. Knowing that, it’s easy to see why the accounting industry is so appealing to a cyber-criminal. Moreover, they steal taxpayer information and file fraudulent tax returns that they benefit from.


Securing Your Data as a CPA

If you’re an accountant or part of a CPA firm, don’t fret. There are a few things you can do throughout your day to minimize your vulnerability to these attacks and keep your clients safe in the process.

Protect all email accounts with strong passwords. 81% of company data breaches are due to poor passwords, according to another Verizon report. Cyber criminals, like many people, don’t want to work hard; they want to work smart. Therefore, they try to find the simplest route to achieving their objective. This is to say, if their objective is to hack an account, the first thing they aim to get access to is password information. For instance, protect email and work accounts by using longer, more complex passwords that use a mix of numbers, letters and symbols. Multi-factor authentication is an additional way to protect against stolen passwords. For example, Nerds Support’s cloud software partner “Workplace” requires users to log in through their desktops and their mobile devices. If the user fails to confirm they’re attempting to log in to their account within a few seconds, access is denied entirely.

Download anti-phishing software programs that help fight against phishing scams. 92% of malware is delivered through email. In addition, there are anti-phishing programs like “avast!” and “Google Safe Browsing” that check pages against potential threats.

Do not open or download any attachments from suspicious or unknown domains. Hackers often use personal information on social media to create the illusion that they’re either existing or potential clients.

Only send password-protected, encrypted documents when files are shared with clients over email.

Always back up sensitive data, preferably in a secure external server.

Develop a detailed security plan for clients.

The rising popularity of Cloud Computing

These simple IT solutions for accounting firms won’t replace a secure network and infrastructure. Managed IT for CPA businesses is an investment that will protect a firm from an attack of any kind. As a result, many accounting firms are choosing to adopt cloud services for CPA firms specifically due to regulation requirements.

Cloud computing has become a strategic investment for many accounting firms. It has real-time responsiveness, a secure and scalable infrastructure, and a multitude of services that adapt to industry specific requirements. Additionally, the cloud helps develop a security plan to ensure an accounting firm complies with the safeguard rule.

The standard for cloud accounting service providers is maintaining compliance. Cloud compliance is the principle that cloud providers must be compliant with the standards that the cloud customer faces.

Working in the cloud gives organizations flexible, convenient and secure solutions, but it also requires working closely with the cloud provider and IT services team. All cloud providers have something called a service level agreement (SLA). SLAs cover things like quality of service, availability and responsibilities of the cloud provider. That is to say, an SLA is a contract between the cloud provider and the client. Look into SLAs if and when choosing a service provider.

There is a rising emphasis on data security and protection, as we discussed in the opening paragraph. The cloud is a helpful opportunity to advance your IT infrastructure. Make sure you’re doing everything you can to secure your client’s sensitive data.

If you have any further questions, Contact Us and we’ll be sure to answer them swiftly!