Paying and filing taxes is already annoying without the threat of refund fraud or identity theft. But phishing schemes, especially during tax season, have become so widespread that you’ve probably already received spoofed emails or calls during the last few years. To maintain the security of your business, you and your employees need to be extra cautious with the emails you receive at tax time.
Phishing baits to watch out for
Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they're from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all...
Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.
Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.
Standard protection protocols
Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.
Taking security a step further
Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.
But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.
Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.