Anywhere Operations has unlocked many positive business outcomes over the past few months and years, but there are a few cybersecurity-related downsides we must recognize, including the uptick in targeted phishing scams. In 2021, organizations with more than 50% of their workforce operating remotely took an average of 58 days longer to identify and contain a cybersecurity breach.
With tax season in full swing, everyone has an eye on that April filing deadline. However, that's not the only thing to keep in mind. Tax phishing scams are on the rise and they are a unique IT security risk for individuals as well as business owners. Targeted phishing attacks are one of the top concerns for today's IT decision-makers. Let's explore the top tax phishing tactics and the necessary protective measures you should take to secure sensitive data.
Tax Phishing Scams to Avoid
A phishing attack is defined as a cybersecurity threat that uses email and malicious websites to trick victims into exposing sensitive information. Bad actors impersonate legitimate institutions to gain trust to enact the scam. Here are a few examples of tax phishing scams to watch for:
1. Unverified Requests "from HR"
During tax season, it may seem completely normal for your HR manager or finance department to make requests for personally identifiable information (PII), such as W-2 forms or other tax documents, so they can meet filing deadlines. However, it could also be hackers masquerading as someone you trust in order to secure your highly sensitive information.
These scams may begin with an email containing hard deadlines and assertive statements like, "I need this document before the end of business today." Scammers use urgency in hopes that the haste may cause their targets to overlook sender details or other signs that give away their unauthorized requests.
Net Friends Pro-Tip:
Always verify any unexpected requests for sensitive information by making in-person contact with your HR or Finance Department, and avoid clicking links or attachments in case they are malware in disguise.
2. IRS Impersonations
Cybercriminals may approach you by pretending to be the IRS. Their goal can be to have people click on a link that leads to a fake website and trick their targets into authorizing payments to steal your credit card information. These emails and websites may even contain the IRS logo and often threaten the involvement law enforcement to prompt victims to act quickly.
Beware of calls and voicemails, otherwise known as vishing attacks, that ask you to settle your balance. They may even ask you to do so with gift cards (the IRS does not use gift cards as a payment method).
The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
3. Refund Re-Calculation Scams
Scammers are aware that taxpayers are responsive to exploits that involve increasing or adjusting tax refunds. Beware of emails (or calls) that indicate a re-calculation for a higher tax refund. Clicking on these types of links can take victims to a web page where their PII is stolen and used to access online bank and credit card accounts. Cybercriminals have also applied for credit cards and loans in their victims’ names.
Net Friends Pro-Tip:
Be weary of any tax refund communication via email or phone, even if you see their logo on a communication. Verify the sender and avoid clicking links or attachments. The IRS will never request sensitive information or immediate payments via email.
Other scams to avoid include the stimulus payment and the taxpayer advocate scams.
Safeguard Against Tax Phishing Attacks
Avoid tax phishing scams by:
- Ignoring demands for payment via phone or email from "the IRS" — they do not use these forms of communication to collect payments
- Not giving in to threats of arrests and lawsuits
- Not clicking on links or downloading attachments in suspicious emails (especially unsolicited ones)
- Understanding how the IRS operates and how they make contact with taxpayers
- Always contacting the IRS directly via the customer service numbers listed on its website
- Contacting your HR or Finance department directly or in-person to verify all information and document requests
- Constantly checking bank and credit records to identify and stop any fraudulent activity
- Informing employees to avoid public Wi-Fi when filing their taxes
- Promoting email security with regular training and phishing tests to keep everyone vigilant
- Building and maintaining a robust IT security awareness culture
Improve Your Cybersecurity
You have a lot to keep track of during this tax season and beyond. Net Friends can help your team improve their cybersecurity knowledge and posture. Contact us today for more information about our IT services.
WHAT TO READ NEXT: