With the IRS cracking down on tax refund fraud, hackers are developing new and sophisticated ways to scheme taxpayers out of their hard-earned money. Cyber-criminals are more determined than ever to get to your money, are you prepared?
Businesses, individuals and accountants must stay vigilant for cyber-criminals when handling sensitive information. It is important for all taxpayers to educate themselves on the latest tax fraud schemes to avoid falling victim.
Last tax season, the Internal Revenue Service (IRS) reported that approximately $46 million was claimed in fraudulent refunds, and there were 2,204 confirmed falsified tax returns involving identity theft.
As data breaches continue to rise, the flood of Personally Identifiable Information (PII) continues to flow into the wrong hands. What happens if a hacker infiltrates your business and gets their hands on sensitive financial information? They hit the jackpot by impersonating the tax identity of your employees and clients/customers.
In response to the increase in tax fraud, the Security Summit was born. It consists of the IRS, state tax agencies and the tax community, including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions. This is a big step forward to guard against threats during tax season, but there are only so many fraudulent activities that they can catch.
This tax season be on the lookout for the following:
Scammers are notorious for sending out phishing emails this time of year, hoping to capture W-2 forms from organizations.
Opening email attachments from the wrong person, is the most common way that systems are compromised. When opened, these attachments can give hackers complete control of your machine and in turn, control over other machines in your environment, servers and networks.
Below are a few guidelines to follow as it relates to email attachments:
- Don’t open “surprise attachments” (something that you are not expecting).
- If you don’t know the person sending the attachment, don’t open it.
- Only open attachments with recognizable file extensions, i.e., excel, word (avoid .exe, .pif, .scr, .docm, .lotterywinner, etc.)
- Don’t open attachments to emails that appear incomplete, incoherent, or simply “look wrong.”
- Zip and PDF files should be looked at with scrutiny prior to opening as they are key players in transferring malicious content.
- If you are unsure of the attachment, don’t open it.
Criminals Trying to Gain Access to Your IP Pin
An Identity Protection Pin (IP Pin) is a six-digit number issued by the IRS to verify the identity of the taxpayer when submitting a tax return. The IP Pin is not mandatory, but it does provide an additional layer of security when filing. It is extremely important to protect your pin and not share it with anyone except a verified taxpayer who is completing your return.
Based on how much of your personal information is made accessible or stolen (social security number, email address, date of birth, etc.) a criminal can contact the IRS to try and obtain a new IP Pin. Be vigilant in protecting your personal information even if it means removing your birthdate from your Facebook account.
If you are eligible for a pin, you must use it on your filings or the IRS will reject your paperwork. The pin will renew automatically every year so it is important to look out for the CP01A notice containing the IP Pin. If you lose your pin or you do not receive your CP01A notice, you must notify the IRS immediately.
Fraudulent Tax Preparers
Some of us walk into an H&R Block and sit down with the first person available to file our tax returns. Regardless of where you file, it is important to always ask your tax preparer to provide their Preparer Tax Identification Number. This is required by the IRS for all tax preparers. Do not provide any sensitive information to anyone until this is verified.
In conclusion, be wary of email attachments from people pretending to be a trusted source and always double check the email address from the sender. If it appears to come from someone you know, click on the name to determine whether or not the actual email address is legitimate.
Be cautious when storing or sharing any personal identifiable information. Use your IP Pin on all filings and put measures in place to safeguard that code. Lastly, even if you think you know your tax preparer, make sure you take the measures necessary to ensure that they are a trusted source.
Contact The TNS Group today to discuss security options for your business!