Tax Season Ransomware Scam – Watch Out for the Latest
It goes without saying that tax season is a stressful time of year for most. This year, savvy cybercriminals are doing their best to escalate the anxiety by launching a well-timed series of tax season ransomware scams designed to get unsuspecting businesses to release sensitive information.
Fortunately, knowledge is power — and understanding just how these criminals operate is the first step in protecting yourself and your business.
Top 3 Typical Tax Season Cyber Scams
There are many ways cybercriminals seek to get control of sensitive data that allows them access to your personal accounts. Here are three of the most common scams in circulation this year, but if you have any questions, please reach out to one of our cybersecurity managed services experts to answer any questions.
1. Phishing Emails
Phishing emails, or emails that attempt to get you to give up personal information in response to an official-seeming request are not uncommon.
This tax season, be wary of emails that impersonate official correspondence from the Internal Revenue Service (IRS) or popular tax return programs like TurboTax claiming:
- Your account or tax return is restricted or locked
- You must update your tax filing information
- A tax payment was deducted from your account
- You are eligible to receive a refund
Scammers have also been known to attempt to solicit form W-2 information from human resource and payroll departments and pose as Taxpayer Advocacy Panel officials using emails as a way to gain entry.
Hackers have discovered that tax-themed websites like those of smaller accounting firms are a great place to insert malware like ransomware that can be downloaded on your computer to hold your information hostage until you pay up.
Ransomware attacks were up by 356% in 2019, and the technique is rated among the top four threats by the IRS… and that’s not just for tax season ransomware scams.
3. Phony Internal Revenue Service (IRS) Calls
In 2018, the Justice Department shut down a multinational IRS phone scam effort that defrauded more than 15,000 people out of millions of dollars over two years.
During the operation, scammers would impersonate IRS officials on phone calls, attempting to retrieve personal information such as social security numbers from victims.
In a statement from their website, the IRS notes, “The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.”
They follow up with a link to a page that provides information regarding how to tell if it’s really the IRS when you receive a letter, phone call, or other correspondence.
4. Cybersecurity Tips to Protect Your Tax Returns from Ransomware and Other Scams
Now that you understand what cybercriminals are up to this tax season, what can you do to protect yourself from getting scammed? Turns out, quite a bit.
- Educate Yourself — and Your Staff
You’ve read this article, so you’re on your way to understanding the depth and breadth of cyberthreats as they relate to tax season.Now go deeper by keeping abreast of the changing tactics used by hackers. The U.S. Department of Homeland Security has a Cyberawareness Division that posts updated educational material.
And, don’t keep this information to yourself. Create a cyber awareness training for your business and conduct regular classes to keep employees on their toes.
- Use Two-Factor Authentication
Signing into a tax platform like TurboTax? Make sure you use two-factor authentication on all information-sensitive sites.In fact, two-factor authentication is a good idea across all devices — including printers — to prevent unauthorized access of sensitive information.
- Keep Software Updated
Hackers exploit old software versions to download malware onto your system. Keeping all software, including printer drivers and other device drivers, updated can add a layer of protection.A managed print or network provider can ensure these updates are installed automatically as soon as they are released for increased protection against data theft.
- Have a Disaster Recovery Plan in Place
Having cybersecurity experts conduct an assessment of your current infrastructure and develop a competent Disaster Recovery Plan can help protect your mission-critical data in the event of fire, flood, theft, or data breach.Some approaches include having redundant backups and keeping data in a cloud-based environment where it can be easily restored in the event of a malware or ransomware lockout.
Your Cybersecurity Experts
With over 40 years of providing cybersecurity protection to businesses throughout the Pacific Northwest, Kelley Connect has the understanding and expertise to keep your business safe. Don’t let this year’s tax season ransomware cost you, reach out to Kelley Connect.
Our team of experts forges long-standing relationships with clients that enable them to more fully understand critical needs. Using the latest knowledge and tools, they can provide your network with the greatest possible level of protection and keep you on the cutting-edge of cybersecurity.
If your business needs state-of-the-art protection from IT security breaches, get in touch with one of Kelley Connect consultants today.