Every organization has a different set of challenges and priorities specific to their environment. As tax season approaches, we are seeing more tax-related phishing and social engineering attacks. The IRS released a notice on February 1, indicating the signs and a “Dirty Dozen” list of tax scams in 2017.
What to Look Out For
Malicious entities are posing as a person or organization in a tax payer’s circle of influence. We’ve seen this play out in multiple scenarios (surprise tax returns, tax bills, etc.), but a common scenario is when the criminal poses as a CXO and requests W-2s.
According to the IRS, there have been email schemes targeting tax professionals, payroll professionals, human resources personnel, schools as well as average taxpayers. Criminals pose as a person or organization the taxpayer recognizes, or as a bank, credit card company, tax software provider or government agency.
Stay Ahead of Phishing Attempts
Be extra cautious when someone is asking for personal or company information through an unexpected form of communication, even if it appears to be coming from someone you know or an organization you recognize. Even the most cautious person can be fooled.
If you receive unexpected emails about a big refund, a tax bill or requesting personal information, don’t trust them. Cyberattackers are becoming more advanced with their approach.
According to the IRS, “Scam emails and websites also can infect a taxpayer’s computer with malware without the user knowing it. The malware can give the criminal access to the device, enabling them to access all sensitive files or track keyboard strokes, exposing login information.”
The bottom line is to be extra aware of these types of attacks. And if you do fall victim, discuss the attack with your finance department immediately to ensure they don’t fall victim to it as well. If you would like to learn more about our security solutions, visit www.siriuscom.com/security, or contact us directly.