With tax season upon us, cyber-criminals have begun aiming new tax-related scams at employers and employees, using social engineering techniques. Social engineering is at the heart of the two most common cyber-scams plaguing businesses and individuals today: ransomware and phishing scams.

The IRS is warning the public of this latest phishing scam: a variation on a technique known as spearphishing. Most phishing attempts appear as though they’re being sent from a trusted source or company, in an effort to get the recipient to let down their guard. Spearphishing is a little more sophisticated: it sends emails that appear to come from within your own company, from people you already trust in management positions or in human resources.

“The IRS saw a big spike in phishing and malware incidents during the 2016 tax season. New and evolving phishing schemes have already been seen this month as scam artists work to confuse taxpayers during filing season. The IRS has already seen email schemes in recent weeks targeting tax professionals, payroll professionals, human resources personnel, schools as well as average taxpayers.”

-Internal Revenue Service, IRS.gov

How the Phishing Scam Works:

Cyber-criminals use various spoofing techniques to disguise an email so that it appears to come from an executive of the organization. The email is sent to an employee in the payroll or human resources department, requesting a list of all employees and their W-2 forms.

In some cases, the cybercriminal follows up with a second executive email to payroll or the comptroller, asking that a wire transfer also be made to a certain account. Although not tax-related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars in wire transfers.
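The following is an added example, not part of the original article: a mail-triage check that holds messages for out-of-band verification when a W-2 or wire-transfer request arrives together with a sender anomaly. The domain, executive names, flag names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organization's
# domain and the executive names an attacker might impersonate.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"pat rivera", "sam lee"}
# The two requests the article describes: W-2 lists and wire transfers.
SENSITIVE = re.compile(r"\bw-?2s?\b|\bwire transfer\b", re.IGNORECASE)

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Pat Rivera <pat.rivera@examp1e-mail.test>\n"
           "Subject: Urgent request\n\nPlease send me all employee W-2 forms today.\n")
REPLY_TO = ("From: Sam Lee <sam.lee@example.com>\nReply-To: sam.lee@mailbox.test\n"
            "Subject: Wire transfer needed\n\nDetails to follow.\n")
LEGIT = ("From: Sam Lee <sam.lee@example.com>\n"
         "Subject: W-2 distribution schedule\n\nW-2s will be mailed next week.\n")


def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return the warning flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    payload = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + (payload if isinstance(payload, str) else "")
    flags = []
    # An executive's name on an address outside the organization's domain.
    if display_name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        flags.append("executive-name-from-external-domain")
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-domain-mismatch")
    if SENSITIVE.search(text):
        flags.append("sensitive-request")
    return flags


def should_hold(raw_message):
    """Hold when a sensitive request coincides with any sender anomaly."""
    flags = triage(raw_message)
    return "sensitive-request" in flags and len(flags) > 1
```

These header checks do not catch a message that forges the organization's exact domain in the From header; that case depends on the receiving server enforcing SPF, DKIM and DMARC results.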

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

-John Koskinen, IRS Commissioner

How to Avoid Theft:

The IRS suggests users should remain vigilant and use caution when searching for tax help online. For more information about the scam and how you can protect yourself, check with IRS.gov. To better protect yourself, it may be a good idea to learn more about how to spot a phishing email.

Clare Computer Solutions provides onsite training to businesses to educate network users on how to avoid being victimized by ransomware or phishing.

By combining education with system safeguards, you can protect your staff and management team from making such a costly mistake. With advanced techniques in email filtering, group policies, employee education and endpoint protection, your company data will be safer. To find out exactly how we can protect your business and what you can do to prevent your personal data from being stolen, contact us today.

See https://www.clarecomputer.com/events/ and let us know if your business would like to offer this training to your employees.