How to Avoid the Latest Ransomware Scam this Tax Season

There’s hardly a source of funds or data that cybercriminals won’t go after, and as tax season gets underway, they’ve got tax refunds in their crosshairs. While the Internal Revenue Service (IRS) has been diligent about stopping hackers from stealing tax returns, cybercriminals are doing what they’ve always done – adapting to circumvent security. In 2020, the IRS warns tax filers to beware of novel tactics, such as ransomware, that criminals use to get their hands on personal information and money.

Electronic filing of tax returns opened in mid-January 2020. Here’s the latest in tax season cybercrime and several tips for filing taxes safely.

How Hackers Are Using Ransomware During Tax Season

Although ransomware isn’t a particularly new tactic (it’s been around since 1989), it’s a lesser-known approach that continually surfaces in surprising ways. One of those ways involves how hackers steal personal information and refunds during tax time.

Ransomware targeting individual and business tax filings first surfaced in 2017. In the attacks, users received an email claiming that the IRS had authorized the FBI to investigate fraudulent tax filings. Users were encouraged to complete a form and return it to the FBI to verify their identities and tax information.

There was one catch: the email didn’t come from the FBI, and the form was phony. When users clicked on the link, they unwittingly installed ransomware onto their machines, which locked all files until a ransom was sent to some email address.

Other tax-related ransomware attacks are more sophisticated. Last year, the IRS noted that dozens of fake tax filing sites had sprung up, which relied on ransomware to steal refunds. With these sites, users filled out their tax returns and submitted them as if all was normal.

The service then promptly froze the files and demanded a ransom for those tax returns, while submitting them with altered bank account information. Only after the tax return had been securely deposited into the criminal’s account and the ransom had been paid were the tax returns “returned” to the user.

In most cases, the user then went on to file their tax returns like normal, only to be rejected by the IRS due to a duplicate filing. The IRS estimates that there were around 649,000 fraud cases that stole $3.1 billion in tax returns in 2018.

Tips for Safely Filing Taxes

Although hundreds of thousands of individuals may have their tax information stolen, millions more file safely every year by adhering to a few basic safety practices. To safely file taxes, always make sure to:

1. Choose a Reputable Tax Filing Service

Many reputable services exist online – many are free, while others are paid. Always make sure that the chosen filing service is legitimate and secure. Every year, the IRS publishes a list of vetted filing options for individuals wishing to file electronically or in person. Before entering any personal information, make sure a chosen filing service is on that list.

2. Review and Strengthen Cyber Security Measures Before Filing

As the two examples above show, many cyberattacks targeting tax information involve malware or compromising the files on a computer in another way. A strong cybersecurity strategy can help prevent this. Therefore, review and strengthen a computer’s cybersecurity before filing. Make sure that all software is updated, properly configured, and able to detect the types of attacks criminals typically use.

3. Ask About the Cyber Security Defenses of a Chosen Preparer

Hackers don’t just target individuals. They also go after tax preparers like accountants, as the computers of these professionals likely have the sensitive information of multiple individuals housed on them. Before handing over a company’s financial details, ask what defenses a preparer has in place. Their response will go a long way to establishing whether they’re a safe, reputable service.

4. Inspect Communications From the IRS (or Government) with Care

Ransomware attacks aren’t the only type of fraudulent communication from cybercriminals during tax season. Treat any communication from the IRS or other government agencies with care. Remember that the IRS never:

  • Contacts individuals or businesses by email, text, social media, or phone to discuss tax filings.
  • Demands payment in a specific form or immediate payment.
  • Threatens to bring the police or open an investigation.

File with a Smile: Safely and Securely

For many Americans, filing their taxes may mean sizeable refunds. For hackers, the season may mean several refunds acquired fraudulently. While the IRS has improved its ability to detect and thwart criminals in recent years, tax filers must remain diligent. Novel attempts to steal personal information or refunds, such as using ransomware, are on the rise.

Using a reputable tax service or professional is the best way to prevent the theft of personal information or a tax refund. However, even professional preparers aren’t immune to cybercrime. Before filing this tax season, take a moment to review the company’s current cybersecurity strategy. It may just be what guarantees a refund.

Smile helps companies implement the best cybersecurity strategies in their business with IT solutions and secure MFPs. Get started now with a specialist.

What is Phishing and How to Keep a Network Safe

The history of hacking goes back much further than most people suspect. In 1878, Bell Telephone fired two teenage operators for disconnecting and redirecting calls to see how the technology worked. Some 103 years later, Ian Murphy – better known as Captain Zap – became the first convicted hacker. By the 2000s, hacking had gained a much more negative connotation as methods of social engineering, such as phishing, allowed hackers to enter systems without the use of brute force.

Phishing is a hacker’s tactic which has gained notoriety since its creation in 1995. Today, it’s one of the biggest threats to corporate offices and small businesses alike. Cybercriminals are developing ever cleverer ways to trick employees into handing over credentials to access sensitive data, making it a difficult threat to counter.

Understanding phishing is the first step to devising a strategy to thwart it. Read on to discover what phishing is and how to keep a network safe against it.

Phishing Explained

Phishing is a type of cyberattack which attempts to trick a person into handing over their login credentials to a company, service, or network. Typically, these attacks come in the form of a carefully disguised email. A cybercriminal crafts this email then sends it to a target who is known to use the service or network he or she is attempting to access.

What makes phishing so pernicious is that hackers typically have a strong familiarity with the service (and often the target) they’re attempting to trick. Rarely random, phishing relies on a level of social engineering not seen in other types of hacking attempts. Cybercriminals rely on this to slip past a user’s guard. In addition, phishing emails often use the same design, format, and language as legitimate communications from a service. As a result, phishing emails can be incredibly difficult to spot.

Phishing is also particularly dangerous because of the popularity of mobile devices. In 2019, marketers estimate that 46 percent of all emails are opened on a mobile device like a smartphone. On such small screens, it’s more difficult to spot the telltale signs of a phishing attack. Together, these features combine to create a dangerous tactic which proves effective against inattentive employees.

Safety Tips to Avoid Getting Phished

Attentiveness when dealing with emails comprises the first line of defense against phishing attacks. To avoid getting phished, learn how to spot phishing emails, and make sure that employees are trained on these skills as well. These skills include:

1. Identifying URLs

Phishing attempts often rely on cloaked or very similar URLs which trick users into thinking that they’re going to the legitimate site. Train employees to pay attention to things like clever misspellings, or URL redirects which are masked by buttons or other links.

2. Understanding Communication Procedures

Make sure that the company has clearly defined communication procedures which include how, when, and why the company may send an email. Likewise, provide a list of login URLs for critical business processes and establish a policy of never asking employees to log in to a service via an email.

Companies which rely heavily on cloud-based services like Salesforce or Amazon Web Services should consider establishing procedures for employees to confirm if an email they’ve received is legitimate. Encourage employees to contact IT if they suspect that an email is a phishing attempt – it not only helps employees avoid a cyber-attack but allows the IT department to create a catalog of attempts for deeper analysis.

3. Maintaining Security of Contact Info

Establish a policy which helps employees protect their private information. Encourage them not to list their work email, phone number, or other confidential information publicly on social media. This makes it harder for a cybercriminal to conduct a phishing attempt against them.
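
As an added illustration of skills 1 and 2 (not code from the original post), the Python sketch below checks each link in an HTML email against a company list of login hosts and flags near-misspellings and links whose visible text names a different domain than the real destination. The host list, the 0.9 similarity threshold, and the sample email are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the company's published list of login hosts (hypothetical values).
LOGIN_HOSTS = {"login.salesforce.com", "signin.aws.amazon.com"}
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, allowed=LOGIN_HOSTS):
    """Return (host, reasons) for each link that is not a listed login host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host in allowed:
            continue
        reasons = ["not on login list"]
        # Near-miss of a listed host, e.g. one added or swapped character.
        if any(SequenceMatcher(None, host, a).ratio() >= 0.9 for a in allowed):
            reasons.append("lookalike of listed host")
        # Visible text names a different domain than the real destination.
        shown = {d.lower() for d in DOMAIN_RE.findall(text)}
        if shown and host not in shown:
            reasons.append("text shows another domain")
        findings.append((host, reasons))
    return findings

# Constructed sample email body (not from a real message).
SAMPLE = """<a href="https://login.salesforce.com/">Salesforce</a>
<a href="https://login.salesforrce.com/reset">login.salesforce.com</a>
<a href="https://example.net/r?id=1"><b>Log in now</b></a>"""
```

Running `check_links(SAMPLE)` passes the genuine login link and reports the other two. The button-style link is flagged only because its destination is not on the list, which is why a maintained list of login URLs matters.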

Prevent a Breach with Managed Network Services

Even when practicing the utmost diligence, it’s still possible for cybercriminals to sneak past security. That’s why many businesses today leverage managed IT and managed network services. These are third-party professionals who specialize in keeping networks secure and operational at all times. Managed network services can help prevent a breach due to phishing through:

  • 24/7 monitoring for unusual network activity.
  • Optimized security measures for email and host exchange servers.
  • Mobile security for company-issued devices.
  • Improved user authentication and access policies.
  • IT architecture solutions to protect data even if the network is compromised.

A managed network service provider is a smart choice when it comes to combatting phishing threats. With improved security, a business can stop a threat before it ever reaches a user’s inbox.

Smile Improves Business Security

Phishing remains a severe and damaging threat in the realm of cybersecurity. Because it tricks employees into handing over login credentials, it’s harder to spot when an account has been compromised or data has been stolen. That’s why every business should strongly consider deploying the expertise of a managed service provider. Data is valuable, and it deserves to remain safe.

Improve data security today and protect against phishing threats with a managed network service provider. Smile is thrilled to provide your company with the next generation of cybersecurity. Contact us today to get started.