Cybercriminals Want Your Money—And Your Clients’, Too
Every year, cyber criminals find new and better ways to relieve you of your hard-earned money. With the fast pace of sensitive information being exchanged in the tail-end of tax season, right now is prime time for cybercriminals to attempt to access both your personal information and that of your clients. But by keeping a cool head and a little bit of healthy paranoia, you can keep yourself and your clients safer as you close out the tax season.
Stay On the Look Out for These Known Tax Scams in 2023
With every tax season comes a new batch of cybersecurity risks, potential tax scams, and other ways that cybercriminals try to steal people’s personal and financial information. Cybercriminals are increasingly targeting tax professionals due to their access to sensitive data for both individuals and businesses. The IRS dutifully covers known tax scams on their website, also detailing how to know if it’s really the IRS calling.
According to the IRS, the #1 scam is still someone getting a copy of your Social Security number and W-2 (or those of your client’s), then filing a tax return before you can.
Below, we’re providing a refresher on some of the latest phishing scams and five questions to ask to better protect your information and your business from these malicious threats during tax season.
2023 Top Tax Scams Have Started with Cybercriminals…
- Filing a false tax return under your or your client’s identity.
- Posing fake calls from the “Taxpayer Advocate Service” falsely indicating that you’ve been a victim of a crime or cybercrime and they need to “help you out.”
- Crafting high-pressure, one-to-one social situations (also known as “social engineering tactics”) that include personal phone calls, emails, and text messages.
- Tricking taxpayers into filing their taxes “for free,” with gift cards, or via social media promotions.
- Posing as CEOs or other executives of large companies to pressure you into providing sensitive information or access to it.
- Coercing you or your clients into investing in virtual currency such as Bitcoin.
5 Questions to Ask Before Clicking, Responding, or Sending
- Am I moving too fast? Slow down! Don’t let anyone pressure you. If they are making the situation feel urgent, or like a financial opportunity will only last a few days, that is your first warning that something isn’t right.
- How do I know that this person really sent this message? If the email came from a “known” contact, verify the content of the message—even if it was sent from a known contact—someone could be impersonating them. Were you expecting to receive the message, website link, or email attachment? If not, take a minute. Call them to verify they sent it.
- How can I verify the identity of the sender? If coming from an unknown contact, look into how you can confirm the identity of the sender. Can you open a new browser window (do NOT click on a link in the email) and check their published website? Does their email address from the message match to the “company” or “entity”? Do you have a trusted phone number or contact for the business or organization? If you have a phone number from the sender (NOT from the email), contact them to confirm they sent the message.
- Does the message evoke a sense of urgency? Maybe you’re not moving too fast, but someone is pressuring you to do so. They could use charged phrasing along the lines of losing access to your bank account, to a database or software that you use, or threaten service disconnection, loss of client data, etc. If so, use a trusted phone number to call the associated company to verify the notification.
- Is the form of payment non-traditional for business? If the person on the phone or on the other end of the message wants “immediate payment” in the form of anything non-traditional—i.e. an Apple iTunes gift card, Amazon gift card (really, just any gift card)—disconnect from the conversation. The IRS, other government entities, and legitimate businesses would never ask for payment via a gift card.
REDW’s Cybersecurity Experts Are Here to Help You Stay Cybersmart During Tax Season
Cybercriminals will continue to devise new, targeted attacks on unsuspecting taxpayers and tax professionals. Verizon’s 2022 Data Breaches Investigations Report noted that 82% of cybersecurity breaches involve a human element, “including social attacks, errors and misuse.” Many of these attacks can be stopped with proper training and education.
Learn more about REDW’s Cybersecurity Awareness Training, services for an IT Risk Assessment of your organization, or contact REDW IT & Cybersecurity Director Brian Grayek to discuss next steps.
