Best PracticesCyber SecuritythinkIT News

Beware of “Phishy” Emails This Tax Season

By January 26, 2017 No Comments

This year, tax season opens on January 23, which means a surge in hack attacks is right around the corner. With four out of five taxpayers now filing for returns electronically, according to the IRS, more people are entering their personal information – such as their social security number or bank account information – online than ever before. With a breach in a company’s network, hackers can then easily access and use this information to file false tax returns and steal any or all of the employees’ refunds.

Phishing emails are one of the top causes of data breaches throughout the season. Although people are now more aware of hack attack strategies, cybercriminals continue to evolve their phishing tactics, making it difficult for the average employee to discern which emails are legitimate and which are not. “Spear phishing” is a particularly common type of hack attack throughout the several months of tax season. This form of phishing is much more targeted and personalized. Each hacker who employes this method spends a significant amount of time researching their targets to create highly customized emails that appear much more legitimate and are much more likely to be clicked on.

 To prevent your company from becoming a victim of these hack attacks, check out our list of tips and tricks to help all employees figure out what’s real and what’s a scam:
  1. Ensure that all employee social media pages are private. Social media pages are the first place a hacker will look to begin gathering information for their attack. By making each social media account private, however, the cybercriminal will not have the opportunity to gather the information they need to create a personalized attack.
  2. Beware of time limits. In many (but not all) cases, a “phishy” email will contain a time limit. For example, a fake email from your bank may state that if the person does not click on the enclosed link within 24 hours, then he or she will be locked out of their account. Do NOT click on the link. Instead, call your bank to verify that the email did not come from them and report and delete the email once this is confirmed.
  3. Do NOT open email attachments from unknown addresses. By clicking on an email attachment from an unknown address, an employee can put the entire company’s network at risk. In most cases, this will give the hacker exactly what he or she needs to begin filing for employee tax returns.
  4. Use a private network to file for tax returns. When you make a transaction on a public Wi-Fi network, any criminal can easily access the transferred information. Remember: this includes phones and tablets too!
  5. Make sure to search safely. With more people catching on to malicious email attachments and faulty links, ID thieves have begun to manipulate search engine results to lure more traffic towards their fake websites. For tax return information, make sure to type in IRS.gov yourself to prevent any hackers from stealing valuable information.
  6. Update and re-update the company’s security methods. The best way to understand if your company’s information is secure is by assessing all risks of exposure. To do this, sign up below for a free security checkup.

No matter which measures you take to prevent phishing, it’s important to keep your identity protected this tax season. For more information on how to secure your technology from hack attacks, contact one of our tech specialists today and sign up for a security checkup below.