Cybersecurity Tips for Tax Season
Tax season cybercrime is becoming more common, with an increase in tax fraud issues from February to April – prime tax season. Business email compromise and phishing attempts are widespread during these months. Small businesses send and receive a significant amount of financial and confidential information to their accountants or tax preparers. This type of environment is a prime target for cyber attacks. In 2023 alone, the IRS identified more than $5.5 billion in tax fraud and financial crimes.
Common Tax Fraud Issues
The Federal Trade Commission (FTC) says that tax-related identity theft is the most common type of identity theft. Examples of tax fraud scams, which target both individual taxpayers and businesses, include:
Impersonating IRS Phone Scams: Callers claim to be IRS employees, say that you owe money and it must be paid as soon as possible via gift cards or a wire service. The real IRS will not call and demand immediate payment. In general, they will send a notice or bill via the mail.
Phishing, Email and Malware Scams: Cybercriminals will attempt to get valuable data via unsolicited emails, text messages, or fake websites that prompt users to click a link and open attachments to share personal or financial information or to release malware or spyware into a computer system.
Dishonest Tax Firms: Tax preparation companies with little or no credibility open and close quickly during peak tax season. These businesses might not have secure systems, allowing cybercriminals to easily access your information.
Cybersecurity Tips for Tax Season and Beyond
You can protect your business from tax fraud scams and cyber attacks by implementing employee cybersecurity training and data privacy verification procedures, such as:
Do not share social security numbers or any tax documentation with unknown parties.
Keep an eye on your credit report to see if any bank accounts are being opened in your name.
Look for any business loans being taken out under your company EIN.
Triple check information prior to sending any wire or ACH transfers. Call a known phone number directly (not using the email signature), and ensure that multiple parties review before pushing through any payment.
Stop, think and double-check rush demands with other team members or management. Threat actors tend to use urgency in an attempt to rush people to make a mistake.
Do not open attachments unless it is one you expected. If in doubt, have IT look at the email in an abundance of caution.
Do not allow someone requiring access to your computer unless you can confirm whether they are legitimate with your IT department. Always gather their contact information, confirm and call back if necessary. It is not common practice for someone unknown to call and ask for remote access.
Use secure passwords and don’t share or reuse them.
Ensure you communicate with an authentic individual and not an imposter trying to steal personal and financial information. If you are not familiar with the person's name, verify their relationship with your company before sharing any data.
Utilize multi-factor authentication (MFA) when filing taxes online. Use a tax preparing service that requires a username, complex password and MFA when accessing your account.
Update software on all devices and operating systems that connect to the internet. Having current software that is fully patched is a strong defense against viruses and malware.
Suspected Tax Fraud
If you believe you are a victim of tax-related identity theft or fraud, contact the IRS immediately at the number on the IRS notice. If you didn’t receive a notice, call the IRS Identity Protection Specialized Unit (IPSU). The government website, Identity Theft, also provides information on the next steps you need to take.
Protect Your Company with Cyber Insurance
Cyber insurance augments and supports the business’s efforts to recover from a cyber attack. It provides access to expert resources and financial support through investigation, notification, recovery and post-recovery activities related to a data breach event. For more information contact us for more information.
Dan Zeiler
dan@zeiler.com
877-597-5900 x134