Common Tax Season Cyber Crimes
The tax season is already such a stressful moment of the year for both businesses and the individuals looking to properly account for their financial assets. It’s that time of year when the accounting departments at businesses get busier than ever! However, this is also the time of year when cyber criminals take to the internet and attempt to take advantage of the confidential information being used to file taxes. Tax season cyber crimes are an evolving threat that is becoming much more popular.
Why is Tax Season so popular for cyber crime?
To better understand why tax season is such a hot season for hacking, let’s examine the nature of tax season. This is often the time where tax employees in both the public and private sector are working more than regular hours to satisfy the needs of their clients. As a result, an immense amount of information is being both sent and received to offices. This creates an environment where there is an assumption of security and that data is safe. It’s not uncommon for tax employees to feel fatigued and overworked which may also lead to an ongoing element of security vulnerability. Cyber criminals are completely aware of the situations and preyful opportunities to steal this information and benefit.
Common Techniques Cyber Criminals Use
It’s extremely common to receive W-2 documentation from your employers this Spring season. This common tax document helps to summarize all the earnings and help claim the tax return money you might be receiving. This documentation package includes crucial personal information including home address, salary breakdown, and most importantly your social security number.
Cyber criminals are notorious for intercepting this information and leveraging your social security number to re-route your tax refund. Once the refund is sent to the wrong recipient, it is quite difficult to make amends and have the funds returned. As a result, we’ve seen employers switch to enhanced-security mailers, but even with these features, it’s safer to err on the side of caution.
According to the official IRS resource center:
For your paper refund check, here are the IRS mailing addresses to use based on the city (possibly abbreviated). These cities are located on the check’s bottom text line in front of the words TAX REFUND:
- ANDOVER – Internal Revenue Service, 310 Lowell Street, Andover MA 01810
- ATLANTA – Internal Revenue Service, 4800 Buford Highway, Chamblee GA 30341
- AUSTIN – Internal Revenue Service, 3651 South Interregional Highway 35, Austin TX 78741
- BRKHAVN – Internal Revenue Service, 5000 Corporate Ct., Holtsville NY 11742
- CNCNATI – Internal Revenue Service, 201 West Rivercenter Blvd., Covington KY 41011
- FRESNO – Internal Revenue Service, 5045 East Butler Avenue, Fresno CA 93727
- KANS CY – Internal Revenue Service, 333 W. Pershing Road, Kansas City MO 64108-4302
- MEMPHIS – Internal Revenue Service, 5333 Getwell Road, Memphis TN 38118
- OGDEN – Internal Revenue Service, 1973 Rulon White Blvd., Ogden UT 84201
- PHILA – Internal Revenue Service, 2970 Market St., Philadelphia PA 19104
False message from “Accountant” or “Attorney”
There’s a good chance you or someone from your organization will be in contact with professionals in accounting, legal matters, and human resources. Tax season never falls to exemplify the leak of communication between departments, which could serve as a major security vulnerability in the employment hierarchy.
It’s a good security habit to ensure you’re communicating with the authentic individual and not an imposter trying to steal such information. Imagine a scenario where you are exchanging emails with an accountant manager, and rarely communicate with this person the remainder of the year. Are you familiar with their job function/role and guarantee the person is who you are trying to communicate with? If you’re ever suspicious or unsure, it’s best to ask higher management to authenticate their identity.
Be sure you and your accountant have a way to double check authenticity if they ever receive an email regarding changing the bank account where to receive your refund. A threat actor can easily pretend, or appear, to be you, with a simple request to change your bank account. Have your accountant require a secret password, as well as confirm via calling you at a phone number they already have on record for you. This way if it isn’t you, you can stop the process before any money is lost.
Suspicious office calls
Many people are familiar with the infamous fake IRS calls that make rounds every tax season. These calls trick unsuspecting victims like the elderly into sending a wire transfer of funds to these extortionist groups. In recent years, these scans have become much more elaborate and “professional” with intricate capabilities and believable mannerisms. However, there is a rise in “Vishing” in which the cyber criminal uses the phone to deceive the business.
During a Vishing attack, a seemingly authentic phone call or message is delivered to the victim and manipulates a request for a home address, email information, and other important info. With the introducing of AI (Artificial Intelligence), hackers can program a message to personally identify you by name, which will increase the authenticity and you might fall into this trap These voice messages can also take on the location & business name in the Caller ID by using voice IP to mask the real geolocation.
Malicious “Tax Refund” Apps & Services
In general, during this season, you’ll receive lots of messages and advertisements promoting various services which can help increase your tax deductibles and maximize your return. These ads are littered on mobile app stores, commercial websites, and mixed into email inboxes. Major brands like Turbo Tax and H&R Block are trusted sources for recovering tax finances during this season, albeit their high expense.
Don’t be misled into suspicious & dishonest tax refund services with little to no credibility. They might have a more reasonably advertised accounting fee, but the privacy and security of business information might be in jeopardy to become compromised. It’s easy to be misled with fake reviews and other fraudulent marks of credibility that can easily be generated in the perpetrators interest.
If you or your business might be the victim of a cyber crime, is recommended to report the incident to the US Department of Homeland Security Cyber-Infrastructure at https://www.us-cert.gov/report