The IRS spotted highly sophisticated attacks against tax firms this year. The hackers gained remote access either through phishing or malware and with it they were able to get into the cloud storage accounts having files of the clients. In one of the cases, the intruders quietly kept downloading and accessing the information of taxpayers for around 18 months before they were caught. The Internet Crime Complaint Center of FBI reported that there was a loss of $57 million of the people to phishing schemes in a year. The IRS and the Security Summit partners have warned tax professionals to be attentive to the new phishing scams that are trying to take advantage of the Corona Outbreak, Economic Impact Payments, and increased teleworking by practitioners.
The IRS, state tax agencies, and the nation’s tax industry urged tax firms to review and enhance the data protection blueprint as cybercriminals have stepped up in their efforts of stealing client tax information. Criminals are targeting tax professionals as well as taxpayers. The initiative by the IRS of security summit, the private-sector tax industry, and state tax agencies highlights basic security steps for all practitioners, but especially those who are working remotely in response to the pandemic.
If we get into the history of phishing scams then we can see some of the biggest names there that fell into the trap like Facebook, Google, Crelan Bank, FACC, Upsher-Smith Laboratories, Ubiquiti Networks, Leoni AG, Xoom Corporation, and more. So from that, we can understand the caliber of the criminals and understand that we need to learn the proper way to tackle the phishing scams.
Whether it is a large corporation, a small business, or a medium-sized company, Phishing is considered to be one of the most dangerous threats to the business. Chuck Rettig, the IRS Commissioner said that “The coronavirus has created new opportunities for cybercriminals to use email to try stealing sensitive information. Let us look at some of the methods that hackers use for the purpose of phishing.
Phishing emails are the most common form of phishing, and messages such as your account password expired come up in the mail. There is a link or attachment in the mail that looks quite official. Clicking on that link may take you to a site that looks like a trusted source but is actually fake. The site requests your username and password, or the attachment can contain malware that would secretly download another malware that tracks keystrokes. With the keystrokes, it becomes quite easy for the hacker to steal all the passwords of a tax professional. During the corona outbreak, the scammers have presented themselves as providers of face masks or personal protective equipment in short supply. The hackers also used other tactics against the taxpayers as well as the tax professionals while impersonating the IRS or potential clients and calling or emailing requests to send the economic impact payments for bank account information
These are some of the signs, now let us move to the preparation that we need to fight against the phishing scams.
There has been an issue of warning recently by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) for educating employees, especially the teleworking, about the phishing scam activities that have increased. People are practising social distancing these days, and the criminals are exploiting this process by tricking the tax professionals into opening links or attachments.
The Security Summit has urged the tax professionals to create the policies of trusted customers and do the contacting with potential clients via phone or video conference.
With the phishing emails being so common and successful, Summit partners have urged the tax professionals to educate all office personnel about the problems and risks of clicking on suspicious emails, especially during the pandemic period. The tax professionals and taxpayers really need to keep some of the important points in mind, let us delve into that.
File your taxes early: If you file your taxes early, scammers planning to use your personal information to file a fraudulent return in your name will not be able to do so. They cannot file if you beat them to it.
Never click a link in an email that notifies you the availability of tax documents: When you open the browser, type in online W-2 your company or tax document retrieval service URL to avoid most of the common phishing scams. This ensures you enter the right website and get your documents safely.
Avoid impersonation scams of the IRS: The IRS never contacts you over the phone or email to ask for payment of an overdue tax bill. Criminals frequently make such calls and they can request payment by normal means or by prepaid gift cards, and any contact like this should be ignored.
Report a tax fraud: The IRS encourages taxpayers for sending suspicious emails related to tax fraud to [email protected] The other forms of tax fraud could be reported by following these instructions.
If individuals receive any unexpected or suspicious correspondence appearing to be from DOR or the IRS, they can report it to:
Internal Revenue Service
Email: [email protected]
Indiana Department of Revenue
Email: [email protected]
Phone: 317-232-2240, Monday through Friday, 8 a.m. – 4:30 p.m.
If you already know your data has been compromised, remember the Federal Trade Commission’s website has information to help you determine your next steps at identitytheft.gov.
Ultimately, individuals are empowered to play an active role in stopping phone and email phishing scams during tax time. Learning to recognize illegitimate emails and text messages, implementing personal solutions, and taking advantage of government resources will help ensure a safe and successful end to what has been a challenging financial year.
Last Updated on October 5, 2021 by admin