Understanding Data Breaches: Navigating the Threat Landscape
In the dynamic realm of cybersecurity, the term "data breach" echoes the potential for causing harm, chaos, and compromise. It's more than just a...
If you look at your tax documents, you may notice that they contain all sorts of useful information about you. At any time of the year, any cybercriminal would be delighted to have access to this data. During tax season, they can make an easy profit by filing your taxes before you do and stealing the refund.
Ah yes, we’re back to the dark web and the hacker industrial complex. This isn’t a bunch of teenagers in a basement. Ok, well, it might be some teenagers in a basement but it’s also a fully functional marketplace at a scale where experienced cybercriminals are selling products and services to entry-level hackers at a significant profit.
According to Carbon Black, “Research into various marketplaces on the dark web found W-2 forms, 1040 forms, and how-to guides for illicitly cashing out tax returns available. W-2s and 1040s are available on the dark web at relatively low costs, ranging from $1.04 to $52. Names, Social Security Numbers (SSNs), and birthdates can be obtained for a price ranging from $0.19 to $62.
For a more comprehensive investment (around $1,000) a relatively inexperienced hacker can purchase authenticated access to a U.S.-based bank account, file a false tax return, claim the IRS refund, and cash out via a cryptocurrency exchange for a 100+% return on investment. …”
Last year there were many stories in the news about criminals filing fake tax returns. Inone case earlier this year, four defendants defrauded the IRS by using stolen identities to file tax returns and obtain refunds, they pleaded guilty. Tax-related identity theft? No, thank you.
Good cybersecurity practices are important throughout the entire year in order to protect yourself, your family, and your teams online. However, the additional risks associated with tax season mean it’s a good idea to keep Spidey senses up and take a few extra steps to keep yourself secure. Pass it on!
The IRS works on a first-come, first-served basis when it comes to your taxes. By not waiting until the last minute, you shorten the window where a scammer can put in a fake return before you do
Entire families of malware are focused solely on stealing data and filing fraudulent tax returns. Keeping your antivirus updated (and running it regularly) and installing software updates often minimizes your chance of infection.
Phishing attacks top the IRS’s list of the most common threats during tax season. Before clicking a link, entering credentials, opening a file, or sending off any type of data, take an extra step to validate the email’s sender.
Phone calls are a favorite tactic of tax scammers. The IRS will never call you and certainly won’t ask for sensitive data over the phone or tell you to pay your tax bill in prepaid gift cards. Scammers sometimes even use fake names and phony IRS ID numbers to con people out of money and information. If the call is not picked up, the scammers often leave an emergency callback request message! The nerve.
The IRS also warns this year about a new twist on the IRS impersonation phone scam whereby criminals fake calls from the Taxpayer Advocate Service. If you do get a call, and you do answer it, just hang up.
While public WiFi is great, and cafes provide the caffeine that you need to make it through all of the screens on your tax return, don’t use public WiFi when performing sensitive actions. Take your drink to go and pay taxes from your couch.
People commonly use weak and reused passwords, making it easy for cybercriminals to gain access to their accounts. Use a password manager to assign a strong, unique password to all of your online accounts.
With the number of recent data breaches, there is a good chance that the password you use for everything has been leaked. Turning on multi-factor authentication makes it harder for a cybercriminal to use it to steal your data.
Throughout the year, and during tax season, in particular, you probably end up with a lot of sensitive paperwork. Make sure that it is shredded properly. As disgusting as it sounds, people may be willing to dig through the trash for it.
You’ve probably gotten “preapproved” offers for a credit card that you don’t want. Criminals, on the other hand, would love a card in your name. These companies offer an opt-out option. Take them up on it.
Taking these steps can dramatically decrease your risk of being a victim of identity theft and tax fraud. However, if you try to file your taxes and the application is rejected, it may mean that the cybercriminals did so first. If this is the case, act immediately and:
call the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490 to report it.
You can also File an ID theft affidavit: You can document the identity theft by submitting a police report and the IRS ID Theft Affidavit (Form 14039).
Contact your state tax organization: Your state taxes may be affected as well.
Document your case: Download the free ID Theft Help App from ITRC to track your case as you go through the resolution process.
Call the ITRC: You can receive no-cost assistance from a victim advisor by calling 1-888-400-5530.
In a summary of the findings Carbon Black found these scary statistics with specific numbers showing the low cost of getting sensitive data:
As a bonus, we've included a blog that, when it comes to tax habits, these are people you *maybe* shouldn't aspire to be.
https://blog.cheapism.com/celebrities-with-tax-problems/#close
In the dynamic realm of cybersecurity, the term "data breach" echoes the potential for causing harm, chaos, and compromise. It's more than just a...
7 min read
Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the...
4 min read
What are the recent trends in cyber security, risks, and strategy?What will be the new trend in cybersecurity?What are the latest trends in...
4 min read