With December fast approaching, most people are gearing up for the holidays. Some, however, are preparing to steal personal and financial data ahead of tax filing season in 2020. That’s why the IRS announced its 4th annual National Tax Security Awareness Week.
The IRS received five to seven reports weekly from tax firms that experienced data theft in 2018’s tax season. Identity theft is a major issue for small businesses.
In the spirit of everyone’s favorite season (tax season), the IRS and Security Summit partners will remind businesses, taxpayers and professionals alike to update their online security. Because of the upcoming holidays, people are vulnerable to all kinds of social engineering scams.
Modern IT solutions for accounting firms can assess emails and flag suspicious activity. However, responsibility also falls on individuals, whether executives or employees, to protect themselves against tax-related scams.
IRS tax scams are common because cybercriminals are most effective when they hide behind authority. These scams typically feature spam emails redirecting users to malware-infected sites. Sometimes they’ll come with a malicious attachment that carries spyware or malware.
These emails contain an image banner or watermark of the IRS to appear legitimate. Furthermore, the emails often come with fake W-8BEN forms attached to reinforce this legitimacy.
1. W-2 Scams
One of the biggest scams employers face is the W-2 scam, especially during tax season.
W-2 phishing scams involve a cybercriminal impersonating a company executive in an email. The email is sent to someone from HR or accounting, someone with access to employee W-2 forms. And of course, it comes with a subject line claiming it is urgent.
The request will look formal and polite so as not to raise suspicion. The employee then collects all employee tax information and sends it back to the fake executive.
It’s as simple as that.
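The traits of a W-2 scam described above (an executive's name on the email, a recipient in HR or accounting, an urgent subject line, a request for W-2 data) can be checked mechanically before a message reaches an inbox. The following Python is an added example, not code from this article or from any product it mentions; the company domain, executive name, mailbox addresses and keyword lists are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own directory data.
COMPANY_DOMAIN = "example-firm.test"
EXECUTIVES = {"dana whitfield"}          # display names worth protecting
W2_HOLDERS = {"hr@example-firm.test", "payroll@example-firm.test"}
URGENT = re.compile(r"\b(urgent|asap|immediately|right away)\b", re.I)
W2_ASK = re.compile(r"\bw-?2s?\b", re.I)

def body_text(msg):
    """Join the text/plain parts, decoding base64/quoted-printable bodies."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts if p.get_content_type() == "text/plain")

def w2_scam_signals(raw):
    """Return the set of W-2 scam traits found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    subject = msg.get("Subject", "")
    sender_domain = addr.rpartition("@")[2].lower()
    signals = set()
    # An executive's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and sender_domain != COMPANY_DOMAIN:
        signals.add("exec_name_external_sender")
    if rcpt.lower() in W2_HOLDERS:
        signals.add("w2_holder_recipient")
    if URGENT.search(subject):
        signals.add("urgent_subject")
    if W2_ASK.search(subject + "\n" + body_text(msg)):
        signals.add("w2_request")
    return signals

def should_hold(signals):
    """Hold for out-of-band verification: impersonation plus a W-2 request."""
    return {"exec_name_external_sender", "w2_request"} <= signals

# Constructed sample messages (not real mail).
SCAM = """\
From: "Dana Whitfield" <dana.whitfield@mail-example.test>
To: payroll@example-firm.test
Subject: URGENT: need employee W-2s

Hi, could you kindly send me all 2019 employee W-2 forms as PDF? Thanks.
"""
INTERNAL = SCAM.replace("mail-example.test", COMPANY_DOMAIN).replace("URGENT: need", "Schedule for")
```

A sender address on the company domain passes the impersonation check here, so this complements SPF, DKIM and DMARC verification rather than replacing it.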
2. “Locked Accounts”
Accounting services like TurboTax have also been impersonated by cybercriminals notifying clients that their accounts have been locked. The email will feature a link taking the target to a fraudulent website where they submit their personal information.
3. “Update Information”
It’s not uncommon for an accounting client to receive an email notifying them that because of the incoming tax season, they need to update their tax filing information.
4. “Refunds”
In some cases, emails entice victims with incentives like tax refunds. It isn’t difficult to see why these would be successful. A business owner who finds an email claiming the IRS owes them money is less likely to raise questions.
5. Holiday Scams
Over 75 percent of Americans shop online for the holidays, and many of those Americans have full-time jobs working in industries containing sensitive data. The greatest cyber security risk in any industry across the board is an employee. An even greater risk is an employee eager to get their holiday shopping out of the way.
Employees and business owners start shopping online for gifts, and cybercriminals are there ready to shoplift sensitive data. Social engineers, hackers and cybercriminals take advantage of the holiday season to send fake invitations and holiday deals from places frequented by their targets.
Shopping Spear Phishing Fraud
Advanced spear phishing techniques can come disguised as a great online offer from your favorite online shopping site. I’m not referring to a popular shopping site; I’m talking about the site you specifically shop at. A cybercriminal will mine your social media and online activity until they have everything they need to create a counterfeit email you’re likely to click on.
That’s why it’s important to only use work email for work-related matters. Many breaches happen because employees make the simple mistake of subscribing to online sites and programs with their work email.
Protecting Client Information Is Protecting Yourself
The Gramm-Leach-Bliley Act of 1999 requires all financial services organizations to have an information security plan to ensure the safety of sensitive client data. In other words, all finance organizations have to demonstrate what security measures they have in place to protect client information.
If a financial firm fails to take the proper security measures, it could face penalties, independent of a breach. Therefore, seeking guidance from cyber experts, like Nerds Support, for security-related issues is recommended.
But in the meantime, check out our blog for more articles on phishing, cyber security and compliance.