The 2022 Annual Report of the Identify Theft Tax Refund Information Sharing Mission and Analysis Center showed an increase in suspicious activity surrounding tax fraud — from 2 million reports in 2021 to over 8 million nationwide in 2022.
This data tells me what we already should know, hacking and fraud are on the uptick in a huge way.
As we roll into Spring 2023 — well into income tax season — cybercrime and hacking will continue to be intertwined and in the headlines.
Scams range from extraordinarily complex to quite simple.
One complex scheme involved a group of individuals that pretended to be a CPA firm by purchasing fake credentials to various CPA firms around the nation on the dark web and opening a series of accounts, starting fake companies. all to defraud you. They filed $36 million in fake refunds and defrauded over 9,000 people and this business was located here in sunny South Florida.
After a 5-year run, these fraudsters are now facing hacking, racketeering, and tax fraud charges which could land them behind bars for 20 years or more. That level of complexity is frightening but rare.
More than likely here in Florida you will see simpler frauds, which unfortunately are quite common, and people fall for them each year over and over so that is why we continue to see them.
The most rampant and common tool for fraudsters is email.
Email scams are extremely popular because the investment for hackers is low, and the ROI can be huge. A common hack would be an email with an IRS logo at the top and bottom that says we need to recalculate your refund so "click here" to verify your information.
Do not click as they are phishing for your personal information.
They want to harvest data, steal your identity, or install malware to track online activity (to steal passwords and clean out your bank)
Or worse, they will extort you. More on that later.
Hackers also will send a letter via U.S. Mail that will also show signs of being valid.
Fake logos like the Federal Deposit Insurance Corp., IRS or others — like the Bureau of Tax Enforcement (BOTE), which is not really an organization, but hackers assume most John and Sally Floridians don't know that.
The letter may state there will be a lien or wage garnishment unless a money order is sent to a P.O. box or something similar.
Cybercriminals also use the phone quite often and will impersonate the IRS, even going as far as to spoof your caller ID to say IRS. They can easily do that, and when they call, they will ask for payment for you to avoid fees, prosecution, and even arrest. They are assuming someone they call has not paid their taxes in a while and falls for their hack.
A good rule of thumb with fake calls is to use common sense; it takes a great deal of effort to get the IRS on the phone, so they are not going to be calling you, ever.
Texts are also becoming more common for hackers to spread malware as well as collect data on your phone.
Have you received a text that said click here to find an update on your tax return? It is also fake, unlike the rest of America the IRS does not text.
Florida Attorney General Ashley Moody and her office provide a place to report scams and ask questions as well as learn more about the latest cybercrimes and fraud. The ones we are discussing today are in her top four on the website, those are tax identity theft and IRS impostors.
When in doubt, call your CPA, lawyer, IT person, neighbor or police department (anyone) before ever giving your personal information over the phone or the internet. Hackers are looking for you to slip up and you must be vigilant.
Worst of all, fake IRS emails aren't just phishing they just may say "click here" and if you do so your entire office will be infected with ransomware. Ransomware is in the news each and every week and email is usually the threat delivery system used to spread it.
Ransomware is a payload you never want to be on the receiving end of, not ever.
Cyber defenses will block most threats, but for the ones that make it through those protections, you must be prepared to identify them as fraudulent.
Consult someone before giving information, invest in MDR tools to pair with other security offerings (managed detection and response), use common sense, and report anything suspicious to law enforcement.
That is how you can fight back against hackers.
___
Blake Dowling is CEO of Aegis Business Technologies; he can be reached at dowlingb@aegisbiztech.com.
No comments:
Post a Comment