Time to Tighten Up Cybersecurity to Fight Tax Fraud

We’ve described cyber criminals as opportunists many times. They’re adept at leveraging big events―from natural disasters to holidays―to their advantage. Like it or not, tax season is one such event that shows up on our calendars at the same time every year and, unfortunately, has become an increasingly lucrative window of opportunity for fraudsters.

Now that we’re into tax season, cyber criminals are looking to steal personal information, tax documents, file fraudulent returns in victims’ names, and/or demand unnecessary payments with false threats of Internal Revenue Service (IRS) action due to outstanding tax bills. Fraudsters have masterfully preyed on people’s fear of the IRS to steal their identities and money. With data breaches occurring on an almost-daily basis, these thieves have ample information about you at their fingertips to make their scams seem credible.

Impact of Tax Fraud is Far Reaching
During the 2018 tax filing season, the IRS received five to seven reports per week from tax firms that had experienced a data theft. Through Nov. 5, 2018, the IRS received 234 reports for the year. That’s a 29-percent increase from the 182 reports received during the same time in 2017. Generally, these are reports filed by firms, which means hundreds more tax practitioners and tens of thousands of clients are affected. This increase represents a significant trend in tax-related identity theft, and it’s a sign that tax professionals, in particular, must take stronger measures to safeguard their clients and their business.

Outside of tax and accounting firms, there are other types of companies that produce or handle tax-related information that are also at risk:

• Payroll and benefits providers;
• Banks;
• Mortgage companies;
• Investment and securities firms; and
• Any enterprise with internal payroll, HR and benefits departments (where W-2s and other tax forms are generated in-house)

In total, the IRS caught nearly $10 billion in tax fraud in fiscal year 2018. Unfortunately, identity thieves, hackers, and cyber criminals show no signs of slowing down. And, they’ll use multiple schemes to try and get access to personal information.

Typically in the run-up to and through tax-filing season, there is a striking increase in phishing, email and malware attacks. Professionals should be wary of unsolicited emails, text messages, social media posts or fake websites that may prompt them to click on a link or share valuable personal and/or financial information. Online criminals can then quickly turn around and use this information to file bogus tax returns, poach financial accounts and/or commit other forms of identity theft. Additionally, unfamiliar links or attachments can contain malware―viruses, spyware and other unwanted software that gets installed on a computer or mobile device by cyber attackers―designed to cause extensive damage to data and systems or to gain unauthorized access to company networks. A peek inside last year’s malware attack at a popular tax software company is indicative of the broad impact a cyber incident can have during tax season.

Three Steps to Tackle Tax Fraud

• Train and Educate Employees: Human error will continue to drive data breaches so make sure both you and your company employees stay up to date on the latest security threats. Take actions to educate your staff about how to handle suspicious emails and critical company data. Help them discern what is normal and what is not.
• Utilize Multi-Factor Authentication (MFA): Multifactor authentication is one of the most effective ways to securely manage access to sensitive data and personal information. While the basic concept is simple, the benefits are great. With multiple layers of authentication in place, hackers can be proactively prevented from accessing company accounts, data, networks and systems―even if they have somehow obtained a single password. The most sophisticated solutions also combine behavioral profiling, device identification and calculated risk factors to automate the authentication process in a transparent yet powerful manner. Should a login attempt be deemed suspect, adaptive authentication options spring into play to provide robust protection that’s hard to bypass-no matter how seasoned the criminal.
• Establish a Back-Up and Recovery Data Plan: While it may seem obvious, this is a proactive stance that many companies overlook. You should have a set system that automatically backs up data on a regular basis. Similarly, you should make sure your network is set to automatically check for the latest updates to make sure your company is always protected. This includes programs as well as antivirus programs that can identify and block ransomware and provide real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web.

Benjamin Franklin was right when he said, “In this world nothing is certain but death and taxes.” And, as more tax data and tax-filing processes go online, it will also be a certainty that cyber criminals will continue to take drastic measures to access that information for their own personal gains. So, there’s no better time than now to tighten up your cybersecurity to fight tax fraud.