Cyber Oregon News Roundup: 14 Tax Scams, 5 Common Attacks to Small Business, and a Cybersecurity Quiz?
Ah, tax season. With an extra month to file taxes in 2021, this means extra time for more scams. As if tax time isn’t stressful enough, add in scammers who prey on individuals and small businesses — trying to steal your information or money. Here are the top 14 tax scams that are prevalent right now, according to Business2Community.com:
- Phishing — Phishing is when one party, who isn’t who they claim to be, tries to take information from someone else through trickery. In a tax scam, someone may pretend to be a tax preparer or the IRS, and they’ll try to get personal information from you via phone, text, email, or when you click a link.
- Ransomware — Ransomware is when someone takes forcible control of your computer and ransoms you. They’ll lock your PC and tell you that the only way they’ll unlock it is if you pay them a certain amount of money. If this is done in your small business, it can spread across your network and affect every computer in your office. Ransomware can be software loaded onto your computer, or it can be installed when someone has access to your PC.
- Easy money — If someone promises easy money through some type of tax loophole, you should be very skeptical. The scammer might say that they know some unknown way to get you a ton of money back from the IRS. There’s no secret loophole that will get you a ton of money and the scammer will instead take your information or money.
- Identity theft — The goal of identity theft in a tax scam is to take enough information to file taxes fraudulently with your name. This is bad on two levels. First, you won’t be able to file your taxes since someone with your Social Security number already did. Secondly, you could get in trouble with the IRS if the identity thief performs tax fraud.
- Update your information — Be aware that the IRS only contacts you via mail. A scammer saying they are with the IRS could reach out to you and tell you that your tax information needs to be updated. They may ask for the information over the phone or send a fake link to your email for you to update your info.
- Your account got locked — One fear tactic is to tell you that your account will be restricted or locked if you can’t verify who you are. This might seem like a very normal safety feature, but it’s a common tactic scammers use. For example, they might say that you have 24 hours to provide the information before your account gets permanently closed and you can’t file business taxes anymore.
- An unexpected “refund” — In this cam, the scammer will say that you unlocked a huge refund. They’ll need you to either verify who you are or send over money to open the account. Like promises of tax loopholes or lotteries, there’s no way to unlock an extra refund from the IRS.
- IRS impersonator phone call — One of the most common scams is someone pretending to work for the IRS. A scammer can spoof the phone number of the IRS. Don’t fall for this; the IRS never calls you.
- Prepaid cards, gift cards, wire transfer — The IRS will never ask you to pay with gift cards, prepaid cards, or a wire transfer. This is a well-known tactic that scammers do to get quick money that can’t be refunded.
- Threats to cancel Social Security — Another red flag. Again, a tax fraud scam call is all about scaring you into making a rash decision.
- Fake texts — The IRS will never text you about important tax information.
- Social media messages — The IRS won’t message you on social media. Don’t click any suspicious links on social media.
- IRS agents showing up in person — This can be scary. IRS agents will not show up in-person at your business or home. It is recommended to get away from the situation as quickly and safely as possible and immediately call the police.
- Fake tech support — There are fake tech support numbers all over the internet, and sometimes they will call you, pretending to help with any issues you’re having with your computer. They might also pose as the IT department of a tax filing software. They could take control of your computer, lock it, steal your information, and take your money.
It’s important to increase your awareness of tax scams and keep your information safe. Read more here about how to spot a scam, avoid one, and report one.
Majority of Employees Fail Basic Cybersecurity Quiz
If you or your organization passed the tax scam “tests,” have you passed a cybersecurity quiz recently? The Federal Trade Commission (FTC) is a great resource for small businesses, offering cybersecurity quizzes on various topics and other cybersecurity resources Additionally, the Oregon Small Business Development Center (SBDC), a Cyber Oregon sponsor, offers small businesses a number of helpful resources to protect against cybersecurity threats.
SC Magazine reports that 61% of employees fail a basic cybersecurity quiz. A recent survey found that although 69% of employees surveyed received cybersecurity training from their employers, 61% failed. This is despite the increase in cybersecurity training in response to the increased remote workforce due to COVID-19.
The poor test-taking results reinforce the need for continued cybersecurity training — and perhaps exploring different training strategies. “Be sure to constantly run security training and include mobile in those sessions. Consider any text, email, WhatsApp message, or communication that creates a time-sensitive situation a red flag. Users should approach any suspicious messages with extreme caution, or go straight to their IT and security teams to have them examine it first,” Hank Schless, senior manager, security solutions at Lookout told Steve Zurier in the SC Magazine interview.
James McQuiggan, security awareness advocate at KnowBe4, added, “Make the training engaging [and] interactive and provide users with an emphasis on protecting their passwords, watching out for phishing links and what it takes to protect the organization as much as the IT and infosec departments.”
Top 5 Reasons Hackers Might Target Small Businesses
In his Hacked article, Aaron Weaver outlines the top five reasons hackers target small businesses:
1. Lack of Cybersecurity Systems. Business dealings were already increasingly taking place online, then the pandemic hit. Transactions, communications, and data storage have taken an even more drastic shift into the cyber realm, and hackers have taken notice.
2. Untrained Employees. This is perhaps the most vulnerable and overlooked area for businesses. Some of the biggest hacks Hacked has seen were not the result of expert hackers infiltrating complex security systems. The cybercriminals simply tricked employees into handing over their sensitive information.
3. Unsecured Accounts. Whether it’s a bank account or an employee’s work email, every account related to your business should contain a long, varied password. The difference in the time it takes to hack a 10-character password vs. a 12-character password is literally centuries.
4. Insufficient Upkeep. Organizations must be diligent in updating their systems. Take due diligence in reminding your employees about the dangers of cyber theft.
5. Lack of an Action Plan. These are just a few of the important questions you should ask yourself well before you get hacked:
- If a hacker steals your data and holds it for ransom, will you pay?
- How will you respond to customers if their information is stolen?
- How will you even know you’re being hacked?
- Will you shut down your entire network if you discover a breach?
Read the full article for Weaver’s colorful — and scary — anecdotes, examples, and tips.
Partner blog post of interest: Fidelis: What Do You Do When the Cyber Police Call?