Tax season, while a necessary part of life, is a prime opportunity for cybercriminals to exploit vulnerabilities and steal sensitive information. Given the alarming increase in tax-related cyberattacks, awareness and proactive protection are more essential now than ever. OverTraders.com hopes to bring attention to these dangers. It provides tangible ideas for keeping those most at risk, like our seniors and low-income families, safe and secure.
Last year, the Internal Revenue Service (IRS) exposed a whopping $5.7 billion in fraudulent tax schemes. This sum is more than twice what we heard about in 2021! This horrific rise underscores the immediate imperative for us to act. People and businesses alike need to remain hyper-aware and educated on the constantly changing methods used by these cybercriminals. As you know, tax season is a criminal “high season” for data theft. This is a time when tons of personally identifiable information (PII) is exchanged, as we near Tax Day of April 15th. This creates a perfect environment for bad actors to take advantage of people’s confidence to wreak havoc for their own financial gain.
Why Cybercriminals Target Tax Season
Several factors make this season especially attractive to cybercriminals. The enormous concentration of sensitive data makes it a jackpot for exploitation. Urgent deadlines and an explosion in communication activity compound the problem.
High Volume of Sensitive Data
During tax season, there’s an increase in exchanges of sensitive data. These are things like Social Security numbers, addresses, income data, and bank account information. To cybercriminals, this information is like the jackpot. They turn around and use it to commit identity theft, financial fraud, and other dangerous, nefarious activities.
Protecting Employee Data
Employee data, often kept on shared drives or a distributed network, becomes even more susceptible during this time. Truthfully, it’s the concentration of this data that makes tax season such a tempting target for data breaches.
Urgent Filing Deadlines
In the rush to meet upcoming tax filing deadlines, hurried employees inevitably make mistakes and oversights. Consequently, people and businesses are increasingly vulnerable to fraud. Cybercriminals capitalize on this urgency. They create phishing emails that look legitimate and are highly convincing, and they build fraudulent websites that trick victims into disclosing sensitive personal data. The IRS warns that tax season leads to last-minute deadlines and an influx of third-party mail. This frenetic atmosphere invites mistakes and provides targets to cybercriminals.
Increased Communication Activity
The volume of emails and phone calls from tax resources, including Certified Public Accountants (CPAs), the IRS, and Human Resources (HR) departments, increases significantly during tax season. This unprecedented uptick in communication activity provides a ripe opportunity for cybercriminals to attack with new phishing scams and phone scams. As a result, people find it hard to distinguish between real and fake communications. Threat actors are quick to capitalize on this increased activity. They understand that at tax time, individuals are more apt to read their emails and pick up their phone for a call related to taxes.
Resource Limitations
Many individuals and organizations, especially those with limited resources, may lack the necessary cybersecurity infrastructure and expertise to effectively protect themselves against tax-related cyber threats. This vulnerability renders them more attractive targets for malicious cyber actors who are always creating new and advanced ways to attack. For federally-affiliated groups, it is particularly important that they work to find low-cost and easily-accessible resources to improve their security posture.
Tactics Used by Cybercriminals to Exploit Tax Season
Cybercriminals use a range of tactics to exploit vulnerabilities during tax season. They run phishing scams and impersonate tax preparers to defraud people. Knowledge of these deceptive tactics is key for you, your family, your friends and your organizations to keep yourselves safe.
Selling Personal Information (“Fullz”)
Cybercriminals often use social engineering to prey on people and harvest personal information. This stolen data, referred to as “Fullz,” contains names, addresses, Social Security numbers, dates of birth, and other identifying information. Often, criminals turn around and sell this data, obtained from a breach or hack, via the dark web. Then it is used by others for identity theft, credit card fraud, and other criminal acts. Protecting personal information is the first step towards preventing this kind of manipulation.
Phishing Scams
Phishing scams are one of the most common tactics that cybercriminals use during tax season. Scammers commonly use phishing emails or bogus websites claiming to be the IRS or a tax software provider. They lure victims into entering sensitive information or account details. These emails are commonly written in high-pressure, manipulative, and emotional language intended to prompt a knee-jerk reaction. As always, it’s important to scrutinize the sender’s email address and website URL before sharing any information.
Impersonating Fraudulent CPAs
Other cybercriminals pose as CPAs or tax preparers to steal sensitive financial data. They might provide aggressive and misleading tax advice or guarantee inflated refund amounts to reel in unsuspecting victims. Legitimate tax preparers should possess a Preparer Tax Identification Number (PTIN) verified by the IRS. Make sure you check the credentials of any tax preparer before you give them access to your financial information.
Submitting False Tax Information
Cybercriminals can try to file fraudulent tax returns with the IRS using these stolen identities to receive phony refunds. The IRS cautions that the agency will flag your tax refund until it can establish your wages, income, or withholding credits. They’ll do a more thorough review before sending out your refund. In the meantime, this can lead to mammoth delays and added dangers for law-abiding filers.
Claiming Ineligible Tax Credits
Fraudsters could deceive taxpayers into believing they are eligible for tax credits they aren’t truly entitled to. Specifically, the Credits for Sick Leave and Family Leave were made available to self-employed people in tax years 2020 and 2021, but are not allowed for subsequent tax years. Similarly, they can facilitate false Fuel Tax Credit claims, misleading taxpayers into thinking they’re eligible when they are not. Tax credits are complicated, and you should always work closely with a qualified tax professional to establish eligibility for any available tax credits.
Offer in Compromise “Mills”
These are typically fly-by-night businesses that aggressively market their services. They promise to negotiate taxpayers’ unpaid taxes down to pennies on the dollar with the IRS. Usually these mills undercut the market with unrealistic promises, then pile on massive fees that leave taxpayers owing far more than before. Taxpayers need to be on guard with any Offer in Compromise (OIC) company that promises or guarantees success with an OIC.
Safeguarding Your Organization Against Tax Season Threats
To ensure your nonprofit is defending itself from a tax season attack, you need a comprehensive strategy. This plan should include effective cybersecurity protections and extensive training of your staff.
Implementing Security Measures
Organizations should implement several security measures to protect against tax-related cyber threats:
Multi-Factor Authentication (MFA): Implement MFA for all critical systems and applications to add an extra layer of security.
Endpoint Detection and Response (EDR): Deploy EDR solutions to detect and respond to threats on endpoints, such as laptops and desktops.
Network Segmentation: Segment the network to isolate sensitive data and prevent lateral movement by attackers.
Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities in the organization's infrastructure.
Employee Training and Awareness
Workers need to be educated to spot phishing emails, know how to detect a dangerous site, and adhere to strong security principles. An ongoing campaign of reminder materials and education about the most current threats is a great way to keep employees alert. Training should cover topics such as:
Identifying phishing emails and suspicious links
Protecting personal and financial information
Reporting suspicious activity to the IT department
Following password best practices
Additional Schemes to Watch Out For
Beyond the tactics mentioned above, there are more schemes that taxpayers should be on the lookout for this tax season.
Common Abusive Tax Schemes
The IRS issues a list of the top ten tax scams that are occurring right now for taxpayers to be on the lookout for. Such schemes typically consist of complicated financial transactions or legal loopholes that are specifically created to dodge tax payments. Some examples include:
Offshore Tax Evasion: Hiding income or assets in offshore accounts to avoid paying taxes.
Conservation Easement Syndications: Using inflated appraisals of conservation easements to generate excessive tax deductions.
Micro-Captive Insurance Companies: Improperly using captive insurance companies to shield income from taxes.
Recognizing Fraudulent Tax Preparers
Fraudulent tax preparers may engage in various schemes to defraud taxpayers, such as:
Inflating Deductions: Claiming deductions that the taxpayer is not entitled to.
Creating False Income: Reporting false income to qualify for tax credits.
Stealing Refunds: Diverting the taxpayer's refund to their own account.
Legitimate preparers should have a Preparer Tax Identification Number (PTIN). Taxpayers should check a preparer’s credentials and references before trusting them with their personally identifiable information.
Reporting Fraudulent Activities and Preparers
Reporting fraudulent activities and preparers protects you and others from tax-related scams.
How to Report Abusive Tax Schemes
Taxpayers and tax practitioners alike can report fraudulent or abusive tax schemes to the IRS Whistleblower Office for a potential cash reward. The IRS Whistleblower Office works to root out violations of tax law. Submit the info that leads to collection of unpaid taxes and you might win a cash bounty!
Resources for Reporting Fraud
Several resources are available for reporting tax fraud:
IRS Whistleblower Office: For reporting abusive tax schemes and tax law violations.
For reporting scams involving someone impersonating the IRS.
Federal Trade Commission (FTC): For reporting identity theft and other types of fraud.
Enhance Your Protection This Tax Season with Flashpoint
Tax season is a vulnerable time for taxpayers and nonprofits alike. Understand the techniques cybercriminals are using to exploit victims. Follow these simple steps to protect yourself from tax-related scams. At OverTraders.com, we want you to be educated, aware, and proactive in protecting your sensitive, personal data.
LifeLock detects and alerts people to possible identity threats, and its dedicated Identity Restoration Specialists help people restore their identity if they do become a victim. Taxpayers and tax practitioners alike can submit below-the-radar, meaningful information to the IRS Whistleblower Office to be considered for a sizable monetary award. Scams that come through the mail are just as dangerous. Scammers are currently mailing counterfeit letters or notices to taxpayers in an attempt to defraud them of their personal information. Flashpoint protects your organization’s assets, data, infrastructure, and personnel from the most dangerous threats both online and off.