Cybersecurity tips for tax season
As tax season approaches, cybercriminals are increasingly targeting individuals and businesses through various scams.
Tax season cybercrime is becoming more common, with an increase in tax fraud issues from February to April — prime tax season. Business email compromise and phishing attempts are widespread during these months. Small businesses send and receive a significant amount of financial and confidential information to their accountants or tax preparers.
This type of environment is a prime target for cyberattacks. In 2023 alone, the IRS identified more than $5.5 billion in tax fraud and financial crimes.
The Federal Trade Commission reported that tax-related identity theft is the most common type of identity theft. Examples of tax fraud scams, which target both individual taxpayers and businesses, include:
- Impersonating IRS phone scams: Callers claiming to be IRS employees will allege the target owes money that must be paid via gift cards or a wire service as soon as possible. The real IRS will not call and demand immediate payment. In general, they will send a notice or bill via the mail.
- Phishing, email and malware scams: Cybercriminals will attempt to get valuable data via unsolicited emails, text messages or fake websites that prompt users to click a link and open attachments to share personal and financial information or to release malware or spyware into a computer system.
- Dishonest tax firms: Tax preparation companies with little or no credibility open and close quickly during peak tax season. These businesses might not have secure systems, allowing cybercriminals easy access to information.
Cybersecurity tips for tax season, beyond
You can protect your business from tax fraud scams and cyberattacks by implementing employee cybersecurity training and data privacy verification procedures, such as:
- Do not share social security numbers or tax documentation with unknown parties.
- Keep an eye on your credit report to see if any bank accounts are being opened in your name.
- Look for any business loans being taken out under your company EIN.
- Triple-check information before sending any wire or ACH transfers. Call a known phone number directly (not using the email signature), and ensure that multiple parties review before pushing through any payment.
- Stop, think and double-check rush demands with other team members or management. Threat actors tend to use urgency in an attempt to rush people to make a mistake.
- Do not open attachments unless it is one you expected. If in doubt, have IT look at the email.
- Do not allow someone to access your computer unless you can confirm with your IT department the requests are legitimate. Always gather their contact information, confirm and call back if necessary. It is not common practice for someone unknown to call and ask for remote access.
- Use secure passwords. Don’t share or reuse them.
- Ensure you communicate with an authentic individual and not an imposter trying to steal personal and financial information. If you are not familiar with the person’s name, verify their relationship with your company before sharing any data.
- Utilize multifactor authentication (MFA) when filing taxes online. Use a tax preparation service that requires a username, complex password and MFA when accessing your account.
- Update software on all devices and operating systems that connect to the internet. Having current software that is fully patched is a strong defense against viruses and malware.
Suspected tax fraud
If you believe you are a victim of tax-related identity theft or fraud, contact the IRS immediately at the number on the IRS notice. If you didn’t receive a notice, call the IRS Identity Protection Specialized Unit (IPSU). The government identity theft website also provides information on the next steps you need to take.
Michelle Page is a director of cyber services and incident response at AmTrust. In this role, she handles cyber claims from inception to closure by bringing in necessary vendors to assist, evaluating coverage, and supporting Insureds from start to finish. Prior to joining AmTrust, Michelle worked in private practice as a corporate and data privacy attorney.
This piece originally appeared on the AmTrust Financial website. It is republished here with permission.
Related: