Protect Yourself and Your Business from the Rising Threat of Cyber Fraud by Anya Stasenko, CPA
Posted on December 21, 2018
As you ring in a New Year and prepare for the April tax filing deadline, it is critical you recognize that this season brings with it a heightened risk of identity theft and cyber fraud for which you must take necessary precautions to protect yourself, your businesses and your clients. Criminals are continuously coming up with new and more sophisticated methods to trick unsuspecting taxpayers into willingly handing over their money and/or personal information to scammers. The good news is that you can take steps to detect and prevent these scams throughout the year.
Criminals are known to pose as government agencies or other trusted sources, including financial institutions, payroll services companies, accounting software providers and even taxpayer’s own employees and friends, in an attempt to get victims to pay a fictitious bill or release sensitive information. Not only do fraudsters make these communications look official and sound like they are from a legitimate source, they even go so far as to create imitation websites that are extremely difficult for victims to differentiate from the real ones.
In one common scheme, criminals pose as the IRS and either email, telephone or text taxpayers to demand payment of a phony tax liability. If taxpayers do not comply, the scammers become aggressive and threaten victims with arrest and even deportation. Similar frauds alert victims that one of their passwords are expiring or one of their accounts need to be updated. The criminal’s goal is to entice users to click on a link to a fake website that steals usernames and passwords or to open an attachment that downloads malware or tracks keystrokes on victims’ computers.
In addition, there are a number of scams in which criminals may impersonate your business’s actual employees, including payroll and human resource executives, or vendors who you know and work with on a regular basis. These phishing attempts, which appear to be legitimate, involve requests for lists of employees’ names, social security numbers and bank information and/or instructions for changing the pay to account of an employee or vendor. Unless you actually verify through telephone or face-to-face contact that the email is in fact from the purported sender, you may unwittingly send payment to an actual criminal and essential say goodbye to those dollars.
Protect Yourself and Your Business
Identity theft and cyber fraud are very real problems that endanger individuals and businesses and their financial information. According to the IRS, there was a 60 percent increase in tax-related bogus email schemes alone in 2018.
Here are a few steps to take to protect against phishing and cyber fraud schemes in 2019:
- Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email appears to come from someone you know, proceed with caution. Cyber crooks are adept at mimicking trusted businesses, friends and family — including the IRS. Thieves may have compromised a friend’s email address, or they may be spoofing the address with a slight change in text, such as email@example.com vs. firstname.lastname@example.org. You can easily be tricked by the mere change of the letter “m” to “r” and “n”.
- Phishing schemes thrive on people opening messages and clicking on hyperlinks. When in doubt, don’t use hyperlinks and go directly to the source’s main web page. Remember, rarely will a legitimate business or organization ask for sensitive financial information via email.
- If you receive an unsolicited email requesting you to share change sensitive data or make changes to bank account information, pick up the telephone, dial the number that you have for the purported sender (do not simply call the phone number listed in the email) and confirm that the request is legitimate before you take any action.
- Remember that the IRS does not initiate spontaneous contact with taxpayers by phone or email to request personal or financial information. In addition, IRS will not call taxpayers with aggressive threats of lawsuits or arrests.
- Use security software to protect against malware and viruses found in phishing emails. Some security software can help identify suspicious websites used by criminals.
- Use strong and unique passwords to protect each of your online accounts. If necessary, use a password manager to help you remember your login credentials for each account. Criminals count on the fact that most people use the same password repeatedly, giving crooks access to multiple accounts if they steal a password. Experts recommend using a passphrase, instead of a password, with a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
- Use multi-factor authentication when offered. Two-factor authentication means that in addition to entering your username and password, you must also enter a security code, often sent to you as a text to your mobile phone. Even if thieves manage to steal your usernames and passwords, it is unlikely they will also have your phone.
- Engage audit professionals to conduct check-ups of your organization’s internal controls. The effectiveness of your business’s efforts to protect sensitive data is dependent on the policies and procedures you have in place.
About the Author: Anya Stasenko, CPA, is a senior manager with the Audit and Attest Services practice of Berkowitz Pollack Brandt, where she provides business consulting services, audits of financial statements and agreed upon procedures as well as pre-immigration tax planning for foreign persons and owners of foreign and domestic entities. She can be reached at the CPA firm’s Ft. Lauderdale, Fla., office at (954) 712-7000 or via email at email@example.com.