It's Tax Season (with an extra month extension for COVID) which means its also the season for tax scams.
The IRS has published a list of its "Dirty Dozen" list of tax scams with a special emphasis on aggressive and evolving threats around COVID and stimulus payments.
"Tax scams tend to rise during tax season or during times of crisis, and scam artists are using pandemic to try stealing money and information from honest taxpayers," said IRS Commissioner Chuck Rettig. "The IRS provides the Dirty Dozen list to help raise awareness about common scams that fraudsters use to target people. We urge people to watch out for these scams. The IRS is doing its part to protect Americans. We will relentlessly pursue criminals trying to steal your money or sensitive personal financial information."
Education is key when it comes to staying safe on line. As a technology company, we help businesses establish a safe baseline for cybersecurity, but it's always important to remember that security begins and ends with human security. Security awareness training is just as important as antivirus software and firewalls. The more you and your team know about the latest scams, the less likely you are to fall for them.
Here are a few highlights from the most recent report:
- Phishing - These are fake emails and websites designed to look like official IRS sites. The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or economic impact payments. Think before you click! Many scams are well-crafted to look like the real thing.
- Social Media Scams - Social media users share a lot of information on line, and criminals can use that information for a wide variety of scams. The message you think is coming from a trusted friend, could be a fake.
- Offer in Compromise - Beware of misleading tax resolution companies that exaggerate the chances to settle tax debts for "pennies on the dollar"
- Payroll and HR Scams - Tax professionals, employers, and taxpayers need to be on guard against phishing emails designed to steal Form W-2 and other tax information. This type of scam is also known as Business Email Compromise (BEC) or Business Email Spoofing (BES). The criminal may have access to a compromised email account, or may simply "spoof" the sender. There are so many different variations of these types of threats. The sender can ask for a sensitive tax form for identity theft, or a wire transfer request or gift cards. Just because the email looks like it is coming from a trusted person, doesn't mean that it actually is.
- Ransomware - This is a fast growing area of cybercrime. In this case, opening an attachment or clicking on a link can trigger malware to be installed on your computer. With ransomware, your files will be encrypted and basically held hostage for money (ransom). It's important to know that initially you may not notice anything wrong with your system, as it takes a while to encrypt your files in the background. Stay alert, and invest in "detect" and "respond" technology, and a robust data backup is key for recovery.
We strongly recommend creating a culture of cybersecurity awareness within your small business. Even a simple approach like spending 15 minutes talking about security issues like this in your monthly staff meeting will make a difference. If you're interested in a more comprehensive approach, Ekaru offers a cybersecurity awareness training platform at an affordable price for small business. Call us any time for a demo, or check out our website for more information.
Additional Resources:
- List of previous years "Dirty Dozen" reports from the IRS Website.
- File a complaint with the FBI IC3 (Internet Crime Complaint Center).
- Cybersecurity Awareness services available from Ekaru.