Cart
It's that time of year again: employees are eager to get tax refunds, turning the internet into a hunting ground for cybercriminals. With the IRS issuing warnings about an uptick in scam activities, CISOs must brace their defenses and prepare their teams for the challenges ahead.
In 2023, the average tax return was over $3,000. So, as you can imagine, we're looking at countless scam opportunities. We can count some of those opportunities: last year, the IRS received a staggering 294,138 reports of identity theft.
The sophistication of tax scams continues to evolve, with scammers leveraging technology to launch attacks. From deceptive phishing emails to convincing IRS impersonation, the arsenal fraudsters use is vast and varied. Here are some scams to be on the lookout for in 2024:
A type of tax scam by email, usually aimed at your company's tax pros, in which a fake email tricks users into providing confidential information, the W-2 Form scam falls into the Business Email Compromise (BEC) category. According to the FBI, "the most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization."
Imagine getting an email or phone call telling you that the IRS owes you more than they initially stated. Too good to be true? It is!
Refund scammers use various strategies to reach out to taxpayers. They use social engineering websites to obtain confidential information to break into victims' bank accounts, take out loans in their name, etc.
Criminals pretend to be IRS agents and make false claims that the user owes money. This tax scam usually takes the form of a finely crafted email that looks official and convincing, evoking urgency and requesting immediate action from the user. "Just click the link" 😉.
Awareness and education are key to avoiding this type of scam. This year, be proactive and provide your employees with all the necessary information to stay safe. Here are five tips on how to help your employees to keep their money in their pockets, not the scammers':
Prepare your employees with extra training and promote awareness campaigns to share knowledge. To avoid information overload, focus on byte-sized delivery over this period. This is an excellent opportunity to implement a cybersecurity newsletter to engage your workforce in online safety. Also, clarify how they should report anything suspicious.
Employees should file their taxes as early as possible. For one simple reason: since only one return per social security number is accepted, if someone steals your SSN and impersonates you to file on your behalf, they might be able to get your refund before you do. When a scammer impersonates you, the IRS can take years to sort it out.
Once available only for victims of tax scams, the Identity Protection PINs are now available for the public to be used proactively. An IP PIN is a six-digit number that prevents someone else from filing a tax return using your Social Security (SSN) number or Individual Taxpayer Identification Number (ITIN). Employees can set their PIN on the respective IRS page.
Your employees should be well-versed in password protection by now. If not, here's an interesting article on the subject. Advise your employees to password-protect those Excel sheets where they keep their and their spouse's personal information.
Yes, they probably have this information unprotected and readily available somewhere. Also, remind them not to share personal information as a message to their spouses or tax preparers.
Although some might find it unbelievable, thousands still fall victim to calls from scammers impersonating IRS agents yearly, losing millions of dollars. Kindly remind your employees that the IRS sticks to the old-fashioned, official government method of communication: traditional mail, delivered by the USPS.
Most importantly, the IRS doesn't initiate contact with taxpayers to request personal or financial information using email, text messages, or social media channels.
Your finance and HR personnel are gatekeepers of a valuable treasure: a massive amount of personal tax information from hundreds, thousands of your employees.
Fraudsters will try to access all this information by impersonating company executives and requesting employee tax information.
In some more sophisticated cases, they will track social media to determine the best action (for example, attacking when the manager is out on vacation). Junior team members or recent hires are usually optimal targets for these scams.
Education is critical to preventing and responding to tax and IRS-related threats. How are you engaging your employees in cybersecurity?
Are they aware of the latest threats, and how can they recognize them, stay protected, and report them?
At Aware Force, we deliver bespoke cybersecurity content. It’s topical, easy to understand,, relevant material that employees love — and as a result, they frequently let IT teams know how much they appreciate the effort. The content is fresh, interactive, and customized for your organization. Best of all, Aware Force requires a very small time commitment from you and your team.
If you’re settling for a “check the box” approach, check us out. Aware Force will turn your team into cybersecurity heroes, picking up where your cybersecurity training leaves off, and ensuring that your workforce remains vigilant and informed.
Check out our extensive cyber library and awesome cybersecurity news service — with multimedia content branded and tailored for you.
Sources:
