Concentric Commentary



Tax season is in full swing, and with every new tax season cybercriminals set their sights on lucrative tax returns that can be filed fraudulently. Here are some practical tips on how you can help combat tax fraud, both individually and for your business.

 

Tips for Businesses

Payroll and HR departments are prime targets for Business E-mail Compromise (BEC). Because these two departments typically hold employees' personal information (e.g., SSNs and W2s), it is imperative that people in these departments stay vigilant during tax season.

  • Carefully examine any e-mails asking you to click on links: check the sender name, hover over links to examine the destination URL, and watch for e-mails that create a sense of urgency (e.g., "click now or else your account will be suspended").
  • Payroll systems should leverage strong security controls because of the value of data housed within these systems.  Multifactor Authentication, or even better, Single-Sign-On can help add an additional layer of security to these high value systems.
  • Conduct regular Security Awareness Training in your company to help raise the level of awareness about phishing and cyber attacks.

Tips for Individuals

What about you, the individual?  What can you do to combat fraudulent tax returns filed with your information?

  • File your taxes as soon as possible.  As soon as the IRS begins accepting tax returns, cybercriminals begin their fraudulent tax filing campaigns.  Cybercriminals will have a harder time filing a tax return with your info if you’ve already filed your taxes.
  • Get an Identity Protection PIN (IP PIN) from the IRS to help combat fraudulent tax returns filed with your info. The correct IP PIN needs to be entered to file a tax return electronically, and tax returns physically filed will undergo additional scrutiny by the IRS.
  • Be mindful of any e-mail links claiming to be offers for discounted tax software or tax services. If you get your W2 electronically, only access it by going directly to your payroll portal as opposed to clicking on a link in an e-mail.

 

While it is impossible to completely prevent tax fraud, you can make it harder for cybercriminals to use your information maliciously. Above all else, stay vigilant and give suspicious tax-related e-mails a careful examination to ensure they are not targeted phishing e-mails.

 

Have additional questions or need a cyber risk audit? Never hesitate to contact us.

 

José-Miguel Maldonado

José-Miguel leads Concentric’s internal InfoSec team, as well as Concentric Cyber. With over 20 years in the tech and cybersecurity space, he has a unique ability to integrate Information Security with all departments to achieve operational efficiencies, risk mitigation, and a culture of responsibility and awareness. He serves on the board of Cybersecurity NonProfit (CSNP), is heavily involved in Diversity, Equity, Inclusion (DEI), is a published thought leader in the cybersecurity space, and is a frequent speaker on panels, webinars, and security events.