As the saying goes… in this world, nothing is certain except death and taxes. Although it originated more than 200 years ago, this notion still stands true today, but it now carries even more burden and complexity thanks to hackers and their ever-present quest to steal your identity.
The current state of tax scams
As the 2021 tax season arrived, so did the scams, both new and recycled. The IRS has warned that the 2021 tax scams are 'very active and very creative'. Tax scams happen year-round, but they tend to increase in volume and intensity during tax season. With 1 in 8 users falling for phishing scams and over 85% of companies falling victim to phishing-related attacks in 2020, tax phishing e-mail scams are now a new certainty.
Cybercriminals will never run out of crafty schemes and ingenious ploys to siphon a buck from any victim they can reel in. These clever thieves know that targeting business owners and executives can net them the biggest benefits with their access to bank account information and highly sensitive employee data.
So what should you look out for?
Staying vigilant means being skeptical of any e-mail that appears to come from a state or federal tax agency or an accounting software vendor and asks you to take urgent action or to provide a password, bank account information, or employee W-2 information.
This type of fraud relies on “social engineering” (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes) to identify key employees and send emails directly to them. Attacks are 10 times more likely to produce a victim if the target answers an initial probe email, such as “Are you at your desk to make a payment?”
It's time to train your employees, and yourself!
Untrained employees will open a bogus phishing email and take some action on it 30% of the time. That is why cybersecurity and phishing training is so important for ALL employees in an organization. Statistics show that after going through training, including being sent bogus emails that test whether people respond, only 2% of employees will interact with the phishing email. Once they know about and understand the danger, they rarely fall for these types of attacks.
The bottom line
There is one problem with training though: many corporate leaders, who are often the targets of phishing fraud, order such training but don’t take it themselves, perhaps believing that they are too busy or that they are too smart to fall for such schemes.
Bottom line: if you ever get this kind of request, always double-check by CALLING that person to confirm, and even if it turns out to be a legitimate request, you should NEVER send confidential information, like social security numbers (or attachments with this information inside of them), without taking precautions to password-protect and encrypt the message first.
Remember, if it doesn’t seem right, it probably isn't. By remaining vigilant and using your cyber-smarts, you can greatly reduce your risk of suffering a cyberattack. To help you stay cyber-smart, sign up to attend our cybersecurity webinars focused on how to identify phishing scams and keep you and your firm from falling victim to them. Next Thursday, at 11:30 AM, you’ll have the opportunity to join us on our “Don’t for Tax Scams! What Every Business Owner Needs to Know” webinar. Register today to keep you and your employees up to date on the latest threats and the precautions you can take to survive the cyber jungle.