Businesses fearful their workers may be targeted by fraudsters will want to take a look at the free Tax Scam Awareness Kit offered by Proofpoint, a data protection company in Sunnyvale, Calif.
The kit, for both Windows and macOS, includes materials for an employee education campaign about tax fraud, three educational videos, an infographic, answers to frequently asked questions about tax scams, and a tax scam flyer.
The kit is designed to be used over a two-week period to educate employees about tax fraud. During the first week, employees are encouraged to visit an IRS website that focuses on tax scams aimed at consumers and to copy and distribute at the office, as well as at home, the “Attack Spotlight” flyer included with the kit.
The flyer has the image of a friendly robot warning that scammers often impersonate government tax agencies or tax preparation services.
It also has some basic cautions. For example, if you receive a tax-related message, don’t interact with it immediately and take your time to evaluate it.
If the message looks legit, verify it with the sender without responding directly to the message, the flyer recommends. You could copy the email address of the sender and send them a separate message, for instance.
During the second week of the program, it’s suggested that employees view the training videos created for the toolkit.
One video is titled “Tax-Related Scams.” In the two-minute video, the friendly robot gives some tips on recognizing phishing emails containing tax scams and offers advice on avoiding being victimized by scammers.
A second, 49-second video, titled “Confidential Information, Don’t Let Them In,” offers advice on protecting your computer at work and on physical security at the office.
“Phishing Emails in Real-Life” is the subject of the third video. It’s an amusing three-and-a-half minute take on how scammers bait their prey and how to avoid becoming fraudster quarry.
“We created the Proofpoint Tax Season Awareness Kit to help security teams increase their users’ awareness regarding possible tax season scams and phishing attacks,” said Proofpoint Senior Security Awareness Strategist Gretel Egan.
“Cybercriminals often leverage tax-related lures, and it’s important to remind users of the routine security practices that can significantly reduce the risk to monies and sensitive tax data,” she told TechNewsWorld.
“Our written and visual resources include a suggested communication plan and schedule to help organizations take a scalable approach to amplifying user recognition of these threats,” she added.
Businesses have good reason to worry about their workers being targeted by tax scammers. Last year alone, the IRS uncovered US$2.3 billion in tax fraud.
One of the most prevalent scams involves a scammer posing as a government agent. “That’s when a scammer calls you and pretends to be from the IRS stating that you haven’t paid your taxes, and they have a warrant out for your arrest unless you pay them immediately,” explained AARP Director of Fraud Victim Support Amy Nofziger.
“This is not how the IRS works,” she told TechNewsWorld. “They will never call you unsolicited. It also does not initiate contact with taxpayers by email to request personal or financial information.”
The IRS recently warned of such a scam aimed at educational institutions.
The suspect emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment,” the agency explained in a news release. They ask people to click a link and submit a form to claim their refund.
The link goes to a website that attempts to collect personal information about the target.
Surprise Tax Bills
Nofziger noted that there has also been an increase in people claiming that someone has filed taxes with their dependent’s social security number.
Some consumers have also been served unwarranted tax bills due to unemployment fraud. In those cases, a scammer files an unemployment claim on behalf of a consumer, who later receives a 1099-G form stating they have taxes to pay for benefits the scammer received.
Unsurprisingly, the pandemic has also been exploited by fraudsters. “The scammer says someone owes money, or are owed money, and have to confirm amounts on a fake website made to look like the IRS site,” explained Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.
“Some scams are also claiming that they are the IRS and must confirm the victim’s bank account information to get their refund,” he told TechNewsWorld.
While both businesses and individuals are targeted by fraudsters, business scams can have a broader impact. “We have seen scams designed to get organizations to give up the W-2 information of all their employees,” Kron said.
“The cyber criminals then use the information to falsely file the tax returns on behalf of the employees,” he continued, “making it appear that they are entitled to a refund, then escape with the money, often before the victims have even started to do their taxes.”
Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz. added that businesses usually have in-house accountants or use external CPA’s to file their taxes.
“Finance professionals should be aware enough of the appropriate channels that any out of the ordinary communications should be enough for them to arouse suspicion,” he told TechNewsWorld.
“Individuals, on the other hand,” he continued, “are more often fooled, especially with scare tactics around potential arrest. The unfortunate outcome can be that they fall victim to the scam and have money stolen from their bank or credit card accounts.”
Why do tax scams continue to work? “Taxes can be confusing, and scammers know that and know when it’s our tax season and can prey on new taxpayers with their scams,” Nofziger explained.
“The IRS impostor scam works so well because no one ever expects to be hearing from the IRS demanding money, so the victim starts reacting with their emotions,” she said. “They are scared to be arrested in front of family and friends.”
She advises that anyone who believes they’re a victim of tax ID fraud should call the IRS Identity Protection Specialized Unit at 800-908-4490 and notify their state tax agency.
They can also file a report, and get started on a recovery plan, at the Federal Trade Commission’s Identify Theft site, she continued.
Nofziger added that the IRS’s “Identity Protection” page has numerous resources for individuals, businesses and tax professionals on preventing and dealing with fallout from tax identity theft, including a guide for taxpayers and detailed information on assistance for victims.
Proofpoint’s Tax Scam Awareness Kit is available here.