Anywhere Operations has unlocked a lot of positive outcomes for businesses. However, there are still cybersecurity-related downsides to recognize, including the uptick in targeted phishing scams. IBM's 2021 Cost of a Data Breach report found that organizations with more than 50% of their workforce operating remotely took an average of 58 days longer to identify and contain a cybersecurity breach. In the 2022 report, IBM found that "For 83% of companies, it's not if a data breach will happen, but when."
With another tax season ramping into full swing, everyone has an eye on that April filing deadline. However, that's not the only concern to keep in mind. Tax phishing scams are on the rise and they are a unique IT security risk for everyday individuals as well as businesses. Targeted phishing attacks are one of the top concerns for today's IT decision-makers. Let's explore common tax phishing tactics and the necessary protective measures to secure your sensitive data.
Top 3 Tax Phishing Scams to Avoid
A phishing attack is a cybersecurity threat that uses email and malicious websites to trick victims into exposing sensitive information. Bad actors impersonate legitimate institutions to gain the trust they need to carry out the scam. Here are a few examples of tax phishing scams to watch for:
1. Unverified Requests "from HR"
During tax season, it may seem completely normal for your HR manager or finance department to make requests for personally identifiable information (PII) related to your W-2 forms or other tax documents, so they can meet filing deadlines. However, be wary of hackers masquerading as someone you trust in order to secure your highly sensitive information.
These scams may begin with an email containing hard deadlines and assertive statements like, "I need this document before the end of business today." Scammers create urgency in the hope that haste will cause their targets to overlook sender details or other signs that give away an unauthorized request.
Net Friends Pro-Tip:
Always verify any unexpected requests for sensitive information by making in-person contact with your HR or Finance Department, and avoid clicking links or opening attachments in case they are malware in disguise.
2. IRS Impersonations
Cybercriminals may approach you by pretending to be the IRS. Their goal is to have people click on a link that leads to a fake website that tricks their targets into authorizing payments. These emails and websites may even contain the IRS logo and often threaten the involvement of law enforcement to prompt victims to act quickly.
Beware of calls and voicemails, otherwise known as vishing attacks, that ask you to settle your balance. They may even ask you to do so with gift cards (the IRS does not use gift cards as a payment method). The IRS website clearly states:
"The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts."
3. Tax Refund Scams
Scammers are aware that taxpayers respond to lures that involve increasing or adjusting tax refunds. Beware of emails (or calls) that claim your refund has been recalculated to a higher amount. Clicking the links in these messages can take victims to a web page where their PII is stolen and used to access online bank and credit card accounts. Cybercriminals have also applied for credit cards and loans in their victims' names.
Net Friends Pro-Tip:
Be wary of any tax refund communication via email or phone, even if you see the IRS logo on a communication. Verify the sender and avoid clicking links or attachments. The IRS will never request sensitive information or immediate payments via email.
Safeguard Against Tax Phishing Attacks
Avoid tax phishing scams by:
- Ignoring demands for payment via phone or email from "the IRS" — they do not use these forms of communication to collect payments
- Not giving in to threats of arrests and lawsuits
- Not clicking on links or downloading attachments in suspicious emails (especially unsolicited ones)
- Understanding how the IRS operates and how they make contact with taxpayers
- Always contacting the IRS directly via the customer service numbers listed on its website
- Contacting your HR or Finance department directly or in-person to verify all information and document requests
- Vigilantly checking bank and credit records to identify and stop any fraudulent activity
- Informing employees to avoid public Wi-Fi when filing their taxes
- Promoting email security with regular training and phishing tests to keep everyone vigilant
- Building and maintaining a robust IT security awareness culture
Improve Your Cybersecurity
You have a lot to keep track of during this tax season and beyond. Net Friends can help your team improve their cybersecurity awareness and posture. Contact us today for more information about our IT services.
Originally Published: March 29, 2022
Revised On: January 18, 2023