Beware: Your data might not be safe this tax season

Welcome back to the tech thread, your go-to source for navigating the dynamic IT world. As tax season approaches, so does the surge in cyberthreats aiming to pilfer sensitive data. Did you know that the Internal Revenue Service, or the IRS (the revenue service for the United States federal government),?identified a staggering $5.7 billion in tax fraud schemes in 2022, over twice the amount reported in 2021 [1]?

Today, we unravel the clandestine methods threat actors employ, how you can fortify your defenses, and the imperative role of vigilance in safeguarding your digital assets.

Amid tax season, your inbox is probably flooded with seemingly legitimate emails from tax authorities, financial institutions, or even colleagues discussing tax-related matters. With the large amount of personally identifiable information (PII) exchanged leading up to Tax Day, it’s no wonder that threat actors view this time of year as high season for stealing data to exploit people’s vulnerabilities for financial gain. The digital battlefield is real, and the stakes are high.

The PII?of 815 million Indian citizens, including Aadhaar numbers and passport details, was being sold on the dark web as of October 2023.

Types of threats to expect during tax season

As tax-related communications flood in, phishing scams rise, especially SMS phishing (smishing) scams, social engineering, malware, data theft, etc. Cyber adversaries may use "fullz" as a method of engaging in identity theft during tax season. The term "fullz" encompasses a comprehensive collection of an individual's personal details, including their name, date of birth, Social Security number, address, and financial account information. These compilations of data are obtainable through illicit means, either by purchasing them on the dark web or acquisition through data breaches [2].

• Bad actors use phishing tactics to target HR departments or pose as reputable banks, tricking employees into sharing sensitive information. Example: Scammers send emails impersonating HR or banks urgently requesting employees to submit tax forms for verification, leading to fraudulent tax filings.

• Scammers impersonate trusted sources, inducing urgency to avert consequences. Example: Scammers posing as the IRS or tax software companies send emails or create fake websites, requesting personal information under the guise of official tax correspondence.

• Social engineering tactics?come into play as scammers manipulate victims, inducing a sense of urgency by falsely claiming immediate responses are required to avert legal consequences or penalties.

• Malware-laden emails aim to infect devices and extract information. Example: Scammers send emails containing malicious attachments or links.

These convincing communications ask for personal information or login credentials under the pretense of official tax-related correspondence. Falling victim to these scams could expose individuals to identity theft and unauthorized access to sensitive financial data.

How to fortify against these attacks

1. Employee training: Equip your team to recognize phishing signs, such as urgent requests or unusual email details.

2. Secure file storage: Choose secure cloud storage for financial documents, and implement access controls and education on safe file?sharing.

3. Multi-factor authentication (MFA): Add an extra layer of defense with MFA, which acts as a double?lock on your digital vault.

4. Regular software updates: Treat software updates as a fortified wall, ensuring consistent patching to eliminate vulnerabilities in your digital defenses.

With these strategic measures, you not only protect against potential breaches but also contribute to a robust cybersecurity landscape. Adopt a proactive stance by conducting simulated phishing exercises to continually train and keep your team vigilant. Foster a culture?that encourages the reporting of suspicious activities, creating a united front against potential threats.

As tax season approaches, armed with knowledge and robust cybersecurity, let's stand united against looming threats. Let us empower ourselves, foster a skeptical mindset, and implement practical strategies to defend against breaches and contribute to the broader cybersecurity landscape.

Like what you're reading? Tap that Subscribe button, and we'll keep you posted on all things tech.

Until next time, stay vigilant and cyber?resilient!