Tax season is upon us again and the cyber-criminals will be busy coming up with a new tricks, and continuing the old, to try to steal tax information and file fake tax refunds. Here are some of the new and old tricks that cyber-criminals will be employing this tax season and some tips on how you can avoid being taken advantage of and protect your personal information and the information of your employees.
A New Twist
Who wouldn’t be happy to get a bunch of money deposited in their bank account by surprise from the IRS?! Unfortunately for us, the IRS is not just giving us all money and it is a new elaborate scam by hackers to try to swindle you and the IRS out of money. Hackers are using your personal information to file a fraudulent tax return on your behalf but also having it deposited in your bank account. Then they fall back to their old scam of calling or emailing you, claiming to be the IRS and demanding that you send the money back.
Due to the massive Equifax data breach, the IRS is expecting a huge uptick in the number of fraudulent filings. To try to help combat some of the fall-out, each employer has been assigned a special Employer Code that is found on the W-2 form to try to make sure that fake W-2s are not used to file claims.
The IRS also has encouraged everyone to try to file their claims as quickly as possible as to not allow hackers a chance to put in a fake claim before you do. If two (or more) claims are filed with your social security number, the IRS will notify you by snail mail. As an important reminder: The IRS does not email or call EVER.
If you try to eFile and a claim has already been filed, your claim may be rejected and you will need to contact the IRS (also because of the Equifax data breach, contact the FTC).
The good, old W-2 Phishing Scam
Despite IRS warnings and tons of news the past couple of years, cyber-criminals are still tricking businesses into sending their employee records. A few years ago, the IRS warned companies of falling for the W-2 scams but companies are continuing to fall for email scammers posing as the company CEO or executives asking for employee summaries and W-2’s.
Employees may be your business’ greatest weakness but they also can be your greatest defender if you take the time to educate them. Inform your employees who have access to sensitive employee data about these types of scams. Don’t just assume that they know.
Teach your employees how to identify phishing scams and when it comes to sharing sensitive data, you can encourage them to seek verbal approval from the requester. Even though scammers state there is extreme urgency in receiving the response such as payroll not being processed or IRS forms not being submitted in time, getting a verbal confirmation from the sender is the best way to protect sensitive information (the same goes for urgent requests for wire transfers to the Finance Department.)
Lastly, sensitive employee data should never be transmitted unencrypted (even if it’s thought to be internal). You should also think about investing in a data loss prevention (DLP) tool that will ensure that if any attempt to send sensitive information via email is detected, the information is either blocked from being transmitted or is encrypted for safety. Tego Cyber Inc has partnered with Trustifi for advanced email protection. For a no-hassle, short, complimentary demo, contact us.