It's tax time, and for hackers, it's their favorite time of the year.
|With the amount of personal and financial information travelingthrough cyberspace, there are plenty of opportunities for them tosteal personally identifiable information(PII), tax refunds and other personal details about taxpayers.
|Poor safety practices
According to CyberScout, a data security and identity theftprotection firm, most tax payers still aren't worried about taxfraud, despite warnings from the government and other entities. Inits second annual Tax Season Risk Report, poor safety practicesand a lack of concern for their data security are leaving consumersextremely vulnerable to hackers.
|In 2015, over 700,000 taxpayer accounts were compromised, andsince then the Internal Revenue Service (IRS) has implemented a number of changes to mitigate taxfraud and identity theft for taxpayers. The efforts seem to bepaying off, as the number of identity theft affidavits filed withthe IRS dropped 50 percent in the first nine months of 2016.
|Catching fraudulent returns
In addition, the number of fraudulent returns identified beforethey were processed also confirms the new efforts are working, as50 percent fewer fraudulent returns made it through the IRS taxprocessing system. By September 2016, 787,000 fraudulent returnstotaling more than $4 billion had been caught by the process.Catching these fraudulent returns also means fewer fraudulentrefunds paid by financial institutions. In 2015, banks paid $829million in fraudulent refunds, but that number dropped to $239 in2016.
|"We've reached an extreme level of cyber crime where identitytheft has become the third certainty in life. In tax season it iscrucial that everyone remain vigilant and on high alert to avoidtax-related identity theft or phishing schemes," said Adam Levin,founder and chairman of CyberScout.
|Keep company info safe
According to Beazley, which provides data breach responseinsurance, hackers are using a variety of methods to impersonateexecutives and gain access to companies' W-2 tax information, andthe attacks are expected to increase throughout tax season.
|Here are several ways to keep company information safe andsuggestions to keep your tax refund out of the hands offraudsters.
||
(Photo: iStock)
|1. Trust, butverify
Just like other types of CEO fraud that spoof an executive's emailaddress and even his or her writing style, fraudsters can employthese same strategies to access employee information or evenrequest a funds transfer according to Beazley. Anyone who receivessuch a request from an executive, vendor, bank or other institutionshould verify the request by phone or some other means besidesemail.
|
(Photo: Shutterstock)
|2. What's on theweb?
A company's website can provide a fair amount of informationabout executives, including email addresses and other criticaldetails. It's wise to keep contact information for employees in thefinance department off of the website, particularly lower levelemployees or those responsible for wire transfers, since it makesit harder for thieves to target them for fraudulent schemes.
|
(Photo: Shutterstock)
|3. Monitor W-2requests
Sadly, hackers are making more requests for employee taxinformation, so beware of any unusual or what Beazley terms "out ofband" requests for W-2s. Rarely do CEOs, CFOs or other executivesrequest this type of information from a junior employee.
|"Hackers are on the grab right now for W-2s, social securitynumbers and other personal information in order to perpetrate taxfraud," said Katherine Keefe, global head of BBR Services in apress release.
|
(Photo: Shutterstock)
|4. I need thisimmediately!
It's not unusual for a scammer to request that information besent as quickly as possible. By making the request seem urgent, thefraudster hopes that an employee will respond without consideringwhether or not the request is genuine because of the threat of areprimand or some other consequence if the response is delayed inany way.
|Companies should have a proper protocol for such requests toprotect employees, the information and the company itself fromthese types of scams.
|
(Photo: iStockphoto)
|5. Beware of socialmedia posts
Most people know not to post their travel plans or vacations onsocial media, but the risks can spill over into the corporatesetting. Executives who post their plans can make it easier forscammers to reach out and request employee information or wiretransfers while the executive is unavailable to confirm therequest.
|"These prevention steps are not difficult to implement, but theydo require awareness and vigilance at all levels of anorganization," added Keefe.
|Related: The risks and rewards of socialmedia
|
(Photo: Bigstock)
|6. Passwordsmatter
Tax payers also need to take some specific steps to protecttheir information. Using strong passwords for your wirelessnetwork, computer and various logins will go a long way to make itharder for hackers to access your information.
|Security experts have a number of recommendations to keep in mind whenselecting passwords:
- Avoid words that are easy to guess — e.g., "password,"birthdate, social security number, or nonsense words that useadjacent letters on your keyboard.
- Don't use the same password for multiple websites.
- Use a combination of letters and special characters.
- Longer passwords (12-15 characters) provide more security.
- Don't leave passwords out in plain sight on your computer foreasy access.
(Photo: Shutterstock)
|7. Guard yourinformation
Don't validate your information for anyone who contacts you byemail or on the telephone. The IRS still contacts tax payers bysnail mail. If someone you don't know calls or emails you for taxinformation, be very wary and don't provide any information.
|
By using direct deposit for tax refunds, it limits who hasaccess to your money. (Photo: Shutterstock)
|8. Use directdeposit
Having your tax refund deposited directly into your bank accountor sent to a mailbox that locks will prevent thieves from stealingyour refund checks. The IRS says more than 70 million tax payerswill receive a refund this year, but only a third of thoserecipients have a locked mailbox.
||
(Photo: Shutterstock)
|9. Fileearly
Filing taxes earlier in the tax season makes it harder forfraudsters to file on your behalf and access your tax refund.CyberScout says that nearly 43 percent had filed by February, but57 percent of us were still procrastinating.
|
(Photo: Shutterstock)
|10. If you're avictim…
Tax payers who suspect that someone has stolen their identityfor employment purposes or to file a fraudulent tax return shouldcomplete form 14039 and mail or fax it to theappropriate IRS office with the requested forms ofidentification.
|The IRS has also launched the "Taxes.Security.Together" campaign to educatebusinesses and tax payers on how to keep their information safeduring the 2017 tax season.
|Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Patricia L. Harman
Patricia L. Harman is the editor-in-chief of Claims magazine, a contributing editor to PropertyCasualty360.com, and chairs the annual America's Claims Event (ACE), which focuses on providing claims professionals with cutting-edge education and networking opportunities. She covers auto, property & casualty, workers' compensation, fraud, risk and cybersecurity, and is a frequent speaker at insurance industry events. Contact her at [email protected]
