As the saying goes… in this world, nothing is certain except death and taxes. Although it originated more than 200 years ago, this notion still stands true today, but now holds even more of a burden and complexity to it thanks to hackers and their ever-present quest to steal your identity.
As Tax season arrived, so did the scams both new and recycled. The IRS has warned that tax scams have become ‘very active and very creative’. Tax scams happen year-round, but they tend to increase in volume and intensity during tax season. 1 in 8 users falls for Phishing scams and over 85% of companies fall victim to Phishing related attacks in 2020, tax phishing e-mail scams are a new certainty.
Cybercriminals will never, run out of crafty schemes and ingenious ploys to siphon a buck from any victim they can reel in. These clever thieves know that specifically targeting business owners and executives can net them the biggest benefits with their access to bank account information and highly sensitive employee data.
Staying vigilant looking out for these ploys means being skeptical of any e-mails appearing to come from state or federal tax agencies, or accounting software vendors asking you to take urgent action or asking you to provide the password, bank account, or employee W2 information.
This type of fraud employs many clever techniques brought about by “social engineering” (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes) to identify key employees and send emails directly to them and attacks are 10 times more likely to produce a victim if the target answers an initial probe email, such as “Are you at your desk to make a payment?”
Untrained employees will open and take some action with a bogus phishing email 30% of the time. That is why cybersecurity and phishing training is so important for ALL employees in an organization. Statistics show that after going thru training including being subjected to bogus emails sent to test and see if people respond, only 2% of employees will interact with a bogus email. Once they know about and understand the danger, they rarely fall for these types of attacks anymore. Access our Social Engineering Red Flad – Quick Guide HERE.
There is one problem with training though… many corporate leaders, who are often the targets of phishing fraud, order such training but don’t take it themselves, perhaps believing that they are too busy or that they are too smart to fall for such schemes.
Bottom line… if you ever get this kind of request, always double-check by CALLING that person to confirm, and even if it turns out to be a legitimate request, you should NEVER send confidential information, like social security numbers (or attachments with this information inside of them), without taking precautions to password-protect and encrypt the message first.
Remember, if it ever doesn’t seem right, it probably isn’t. By remaining vigilant and using your cyber-smarts, you can greatly reduce your risk of suffering a cyberattack. To help you stay cyber-smart, sign up to attend our quarterly Cybersecurity webinars focused on how to identify and prevent you and your firm from falling victim to Phishing Scams. Register today to keep you and your employees up to date on the latest threats and precautions you can take to survive the cyber jungle.
Every day, your business depends on information technology (IT) to operate. Thank you for letting us be there for you. Braver Technology Solutions | WeMakeITWork@BraverTechnology.com
Boston 617.315.8515 | Taunton 508.824.2260 | Providence 401.484.7900