Phishing for Returns: Hackers Scamming Tax Professionals for W-2 Information

It's that time of year again, tax season. But while you're filling out forms and digging through last year's receipts, cyber crooks are on the prowl for your personal information. If hackers are able to pinch your tax information from you or a tax professional, you could suffer identity theft, stolen returns or dark web victimization.

Below we will discuss a few of the season's most common threats, and how cyber policy insurance offers protection against cyberattacks.

Death, Taxes & Fraud
On February 1, 2017 the Internal Revenue Service issued a warning to taxpayers to watch out for phony emails or websites looking to steal personal information. As part of its \"Dirty Dozen\" tax scams for the filing season, the IRS gave special focus on phishing.

For those who don't know, phishing scams are spam email campaigns made to look like the real deal (in this case, an important message from the IRS). Often, they contain frightening or urgent subject lines and messages to lure taxpayers into their trap. Typically, they will include an email attachment with hidden malware, a bogus redirect link or request for personal information.

Phishing emails can be sent to tax professionals, payroll employees, HR personnel, schools and even taxpayers themselves. This is especially scary since the people we trust to manage our taxes could potentially fall for these scams - through no fault of your own! And once this information is in a hacker's hands, it becomes much harder to remedy. That's because W-2 and W-9 tax information is incredibly valuable.

Here's a little context. A pilfered credit card sells on the dark web for about $1 to $2 whereas a person's medical records or tax information goes for $40 to $50. That's because credit cards expire and can be cancelled at any time (which is why cybercriminals prefer to buy these in bulk). Tax or medical records, on the other hand, contain highly-coveted data, like Social Security numbers, that never change.

Once your data is purchased by a digital con artist, they will take out loans in your name, make fake IDs with your information, open credit card accounts on your behalf or whatever other nefarious ideas pop into their head. Even novice hackers are a threat since the dark web offer tax scam tutorials for just a dollar's worth in bitcoin.

So how can you stop this from happening to you? Whether you are an organization of tax professionals or an average taxpayer, here are a few steps to keep you safe:

  • Stay Suspicious. Don't fall for \"URGENT\" email messages from strangers. The IRS won't bust down your door for not replying to an email, but hackers will steal your information if given the chance.
  • Stay Smart. Remember that the IRS, your bank and other legitimate services are well aware of phishing scams and would never ask you to share personal information over email or ask you to open a redirect link.
  • Educate Your Staff. Host training session for your HR / payroll departments and employees to keep tax records from falling into the wrong hands.
  • Get Ahead of the Game. Fend off scammers by filing your taxes early.
  • Invest in CyberPolicy. If your data is stolen or breached by a cybercriminal, cyber policy insurance from CyberPolicy can protect you from first- and third-party financial damages.
  •  

Curious to see what CyberPolicy can do for your organization? Visit our homepage to learn more!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375