The deadline for income taxes to be filed in the United States has been pushed back to May 17, which means that last-minute tax filers have more time to file their taxes. But it also means that opportunistic cybercriminals have one extra month to steal their personal information and get their hands on sensitive tax documents.
While cybercrime tends to ramp up every year during the tax season, this season (just like the last one) is unique because it’s happening during the COVID-19 pandemic, with millions of employees working remotely from their homes and communicating tax-related information electronically.
Tax Fraud Is Widespread
It probably won’t surprise you to learn that all professional tax preparers are juicy targets for cybercriminals. During the 2018 tax season, the IRS received five to seven reports per week from tax firms that have experienced a data theft for a total of 234 reports, a 29 percent increase from the 182 reports received during the same time in 2017.
But it’s not just tax and accounting firms whose employees may enter the crosshairs of digital fraudsters. Payroll and benefits providers, mortgage companies, banks, investment and securities firms, and all organizations with internal payroll, human resources, and benefits departments are equally juicy targets.
Cybercriminals have become particularly interested in documents that would disclose their identities and Electronic Filing Identification Numbers because they can use this information to file fraudulent returns. However, just about any personal or financial information can be used to commit identity theft or sold in bulk on the dark web to the highest bidder.
Common Tax Season Cyberscams
Tax-related online scams are constantly evolving to keep one step ahead of their victims, but the fundamental techniques they rely on have remained largely unchanged. Instead of highly technical breaches of protected systems, they revolve around the exploitation of the weakest link in most cybersecurity chains: the human factor.
Some of the most dangerous tax season cyberscams start with seemingly innocent email messages claiming to be from the IRS. Here’s what such messages commonly say:
“Your account has been restricted, and you have 24 hours to reactivate it.”
“We oblige you to update your tax return by downloading the attached validation form.”
“You are eligible to receive a refund. Please provide one proof of identity and one proof of address.”
Besides these and other phishing messages, cybercriminals also don’t hesitate to contact their targets via phone, pretending to be someone from the IRS. These so-called vishing attacks can be even more dangerous than phishing messages because they invoke an instant response.
Staying Safe During Tax Season
Regardless of if you’re a small organization or a large tax firm, you still need to follow the same best practices and solutions to protect yourself:
- Recognize tax fraud warning signs: Remember that the IRS never initiates contact by phone, email, text, or social media. Traditional mail is the only communication method used by the revenue service, and all real IRS letters arrive in a government envelope with the IRS seal.
- Use strong passwords: Don’t make it easier for cybercriminals to steal your personal and tax information by using weak passwords that can be guessed in no time. Instead, use a long password or passphrase and run it through a password safety checker to calculate how long it would take to crack it.
- Enable multi-factor authentication (MFA): You should enable multi-factor authentication whenever possible to add at least one additional layer of protection on top of the password, such as an authenticator app, biometric information, or personal identification number (PIN).
- Keep all software updated: Outdated software applications may contain critical vulnerabilities that can be remotely exploited to gain access to sensitive data and protected systems, so avoid postponing patches until the last minute.
- Implement spam filtering: Approximately 50 percent of all email messages sent every day are spam. While even the best spam filtering solution doesn’t replace common sense, it can go a long way in keeping your inbox clean and protecting you against tax-related phishing attacks.
If you would like help with the implementation of the above-described best practices and solutions, you can contact us at Spectrum Technology Solutions and take advantage of our complete array of cybersecurity services