How to Avoid the Latest Ransomware Scam this Tax Season

There’s hardly a source of funds or data that cybercriminals won’t go after, and as tax season gets underway, they’ve got tax refunds in their crosshairs. While the Internal Revenue Service (IRS) has been diligent at stopping hackers from stealing tax returns, cybercriminals are doing what they’ve always done – adapting to circumvent security. In 2020, the IRS warns tax filers to beware of novel hacking attempts, such as ransomware, to get their hands onto personal information and money.

Electronic filing of tax returns opened in mid-January 2020. Here’s the latest in tax season cybercrime and several tips for filing taxes safely.

How Hackers Are Using Ransomware During Tax Season

Although ransomware isn’t a particularly new tactic (it’s been around since 1989), it’s a lesser-known approach that continually surfaces in surprising ways. One of those ways involves how hackers steal personal information and refunds during tax time.

Ransomware targeting individual and business tax filings first surfaced in 2017. In the attacks, users received an email claiming that the IRS had authorized the FBI to investigate fraudulent tax filings. Users were encouraged to complete a form and return it to the FBI to verify their identities and tax information.

There was one catch: the email didn’t come from the FBI, and the form was phony. When users clicked on the link, they unwittingly installed ransomware onto their machines, which locked all files in exchange for a ransom sent to some email address.

Other tax-related ransomware attacks are more sophisticated. Last year, the IRS noted that dozens of fake tax filing sites had sprung up, which relied on ransomware to steal refunds. With these sites, users filled out their tax returns and submitted them as if all was normal.

The service then promptly froze the files and demanded a ransom for those tax returns, while submitting them with altered bank account information. Only after the tax return had been securely deposited into the criminal’s account and the ransom has been paid will the tax returns be “returned” to the user.

In most cases, the user then went on to file their tax returns like normal, only to be rejected by the IRS due to a duplicate filing. The IRS estimates that there around 649,000 fraud cases that stole $3.1 billion in tax returns in 2018.

Tips for Safely Filing Taxes

Although hundreds of thousands of individuals may have their tax information stolen, millions more file safely every year by adhering to a few basic safety practices. To safely file taxes, always make sure to:

1. Choose a Reputable Tax Filing Service

Many reputable services exist online – many are free, while others are paid. Always make sure that the chosen filing service is legitimate and secure. Every year, the IRS publishes a list of vetted filing options for individuals wishing to file electronically or in person. Before entering any personal information, make sure a chosen filing service is on that list.

2. Review and Strengthen Cyber Security Measures Before Filing

As the two examples above show, many cyberattacks targeting tax information involve malware or compromising the files on a computer in another way. A strong cybersecurity strategy can help prevent this. Therefore, review and strengthen a computer’s cybersecurity before filing. Make sure that all software is updated, properly configured, and able to detect the types of attacks criminals typically use.

3. Ask About the Cyber Security Defenses of a Chosen Preparer

Hackers don’t just target individuals. They also go after tax preparers like accountants, as the computers of these professionals likely have the sensitive information of multiple individuals housed on them. Before handing over a company’s financial details, ask what defenses a preparer has in place. Their response will go a long way to establishing whether they’re a safe, reputable service.

4. Inspect Communications From the IRS (or Government) with Care

Ransomware attacks aren’t the only type of fraudulent communication from cybercriminals during tax season. Treat any communication from the IRS or other government agencies with care. Remember that the IRS never:

  • Contact individuals or businesses by email, text, social media, or phone to discuss tax filings.
  • Demands payment in a specific form or immediate payment.
  • Threatens to bring the police or open an investigation.

File with a Smile: Safely and Securely

For many Americans, filing their taxes may mean sizeable refunds. For hackers, the season may mean several refunds acquired fraudulently. While the IRS has improved its ability to detect and thwart criminals in recent years, tax filers must remain diligent. Novel attempts to steal personal information or refunds, such as using ransomware, are on the rise.

Using a reputable tax service or professional is the best way to prevent the theft of personal information or a tax refund. However, even professional preparers aren’t immune to cybercrime. Before filing this tax season, take a moment to review the company’s current cybersecurity strategy. It may just be what guarantees a refund.

Smile helps companies implement the best cybersecurity strategies in their business with IT solutions and secure MFP’s. Get started now with a specialist.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *