The IRS recently reported that hackers have accelerated their efforts through target tax preparers by using the tried and true method of email phishing scams. Like the majority of cybersecurity scams, these malicious attacks are designed with the sole purpose of stealing personal identifiable information, financial data, and Social Security numbers, which can then be sold on the black market. Unfortunately for tax professionals, due to the high levels of sensitive data, hackers have begun to target the tax and accounting industry.
How Can You Spot A Fake Tax Email?
Combating the elevated attempts of hackers will require you to implement proactive monitoring solutions, as well as the following safety tips:
- Stay up-to-date on the latest phishing scams and tactics. When data breaches cost millions of dollars and can instantaneously ruin the reputation of your company it is far better to be safe than sorry. With this timeless mantra in mind, you should take a proactive approach to any emails. Double check the sender’s address to verify that it is from someone that you know. Be wary of any blatant misspellings or awkward phrases. Finally, when in doubt you should take a screen shot of the email, send it to your IT security department, and immediately securely delete the email without clicking on any of the links. If it turns out that the email was in fact legitimate, then you can always ask the sender to resend it.
- Never use the same password for every account. There are an infinite number of passwords, which means that you should never use the same password for more than one account. A strong password will consist of numbers, capitalized and lowercase letters, as well as special characters, which makes it harder for a hacker to crack. In some cases, hackers will send an unsolicited email asking you to reset your password, but only if you first confirm your current password. If you receive this type of email, do not type in your password, reply to the email, forward the email, or click on any links.
- Use email encryption to send and receive emails with sensitive data. One of the best ways that you can protect the sensitive data of your clients and company is to send emails with end-to-end encryption. Email encryption is used as a safeguard to keep hackers from accessing this vital information. Encryption can also be a good identifying factor for any email that is fraudulent in nature.
- Browse the Internet safely. Cybercriminals are waiting online for you to make a simple mistake, such as failing to use a password protected WiFi network or accidentally entering your email onto a fake site that is posing as a valid URL. Once a hacker has your email, he or she will be able to try and trick you into revealing additional information or sensitive data. As a general rule of thumb, if you ever need to transmit personal information online, then be sure to ensure that the website has a valid “https” code or the lock sign next to its URL.
- Do not download attachments from senders that you do not know. The latest phishing scam revolves around emails that have seemingly legitimate attachments. These attachments include headers, logos, and brand information that try to prove the emails authenticity. Do not be fooled by these elaborate attempts. Chances are there will be something that is not right about the attachment. With this in mind, one of the easiest precautions that you can take is to preview the attachment before downloading it. If you notice that something seems wrong, then you should immediately alert your IT security team, and delete both the email and its attachments.
By taking smart precautions and remaining up to date on the latest cybersecurity updates, you can avoid current and future phishing scams. CPU, Inc is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (419) 872-9119 or send us an email at info@CPUonline.com for more information.