National Tax Security Awareness Week 2019
/As tax season in the U.S. approaches, it's unfortunately common for individuals to file their taxes only to find out that someone has already claimed their return. This type of identity theft can be upsetting, but it may be even more upsetting if they found out their identity was stolen not through a fault of their own, but due to their employer falling victim to a scam.
To help combat this, the IRS announced the 4th Annual National Tax Security Awareness Week, taking place December 2-6, 2019, in an effort to “urge individual taxpayers, businesses and tax professionals to enhance their online security as identity thieves step up their efforts to steal personal and financial data ahead of the 2020 tax filing season.”
One common way savvy cybercriminals are targeting victims is by using business email compromise schemes, or "spear-phishing" tactics, to acquire personally identifiable information (PII) through employers. They spoof an email address or phone number to make it look like they are someone from the company's human resources management company or accounting firm — or even someone from within the company itself — and ask for employee W-2s. Once they have the W-2s, they are able to steal employees' identities.
Recently, the IRS warned that cybercriminals are widening their target scope from just large corporations to smaller organizations, such as nonprofits and school districts. According to the ACFE's 2018 Report to the Nations, small organizations often have fewer anti-fraud controls in place than larger organizations — a weakness that makes them easier targets for fraudsters.
Bruce Dorris, J.D., CFE, CPA, President and CEO of the ACFE, said, "Fraudsters and cybercriminals are continuing to search for new victims with this phishing scam. Many of these organizations have smaller budgets and do not have personnel to defend against these attacks, so nonprofits and school districts must invest and raise awareness in the latest fraud detection and prevention techniques to protect themselves."
Employers can protect themselves and their employees by:
Educating employees on email best practices
Never sharing PII over the phone or via email
Reporting suspicious behavior
Forwarding phishing emails to phishing@irs.gov, as requested by the IRS
Employers must remember that as technology evolves, so do fraudsters. The best defense against fraud during tax season is to be wary of anyone asking for sensitive information and to report suspicious behavior.