As part of National Tax Security Awareness Week this month, the IRS notes a surge in phishing scams aimed at stealing money or tax-related data.
The Security Summit – which consists of the IRS, 40 state tax agencies and 20 tax industry businesses – uses the week of awareness to highlight the current state of threats to the tax industry and to provide guidance to avoid becoming a victim.
Some of the findings impacting the tax industry include:
- Nearly double the number of tax-related scam incidents were seen by the IRS in 2018 compared to 2017
- A 29% increase in tax firms that have experienced a data theft
- A 60% increase in phishing attacks
Phishing has proven to be one of the most effective methods to commit fraud, data theft, hold data for ransom, etc. The Security Summit warns specifically of scams claiming to be from the IRS or from tax firms. Emails purporting to come from the IRS demand a payment or threaten to seize the recipient’s tax refund. Those involving tax firms seek to solicit personal, tax or financial information. Additionally, the Summit warns employers of similar scams impersonating employees.
Emails impersonating the IRS can be forwarded to firstname.lastname@example.org.
The IRS suggests the following steps to avoid becoming a victim of phishing:
- Be Vigilant – Employers and businesses providing tax services can best protect themselves from phishing attacks by educating employees with Security Awareness Training. Employees are trained on phishing tactics in order to heightened their sense of security, making it easier to spot a malicious email and avoid becoming a victim.
- Use Security Software – the use of email, web, and DNS scanning solutions can reduce the number of potentially malicious messages that reach an Inbox.
- Use strong passwords – the emphasis is on using unique passwords for each account used.
- Use Multi-Factor Authentication – when available, use MFA to better secure access to online applications, websites, and data.