IRS Warns HR And Payroll Departments About The "New Client" Scam

The IRS has published its "dirty dozen" of scams. Here is the first of the scams from the IRS site:

The IRS continues to see a barrage of email and text scams targeting taxpayers and others. These schemes frequently peak during tax season but they continue throughout the year. Taxpayers face a wide variety of these scams and schemes. And tax professionals, payroll providers and human resource departments [emphasis added] remain favorite targets of email and text scams since they have sensitive personal and financial information. One common example remains the "new client" scam that can target tax pros and others.

That means taxpayers and tax professionals should be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and state tax agencies. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft. There are two main types:

  • Phishing: An email sent by fraudsters claiming to come from the IRS. The email lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.

  • Smishing: A text or smartphone SMS message where scammers often use alarming language such as, "Your account has now been put on hold," or "Unusual Activity Report," with a bogus "Solutions" link to restore the recipient's account. Unexpected tax refunds are another potential lure for scam artists.

Never click on any unsolicited communication claiming to be the IRS as it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.

In some cases, phishing emails may appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multi-factor authentication with their email provider can reduce the risk of individuals having their email account compromised.

The IRS provides the following prevention tips:

If a taxpayer receives an email claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery:

  • Don't reply.

  • Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.

  • Don't click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS' identity protection page.

  • Send the full email headers or forward the email as-is to phishing@irs.gov. Don't forward screenshots or scanned images of emails because this removes valuable information.

  • Delete the original email.

If a taxpayer receives a text claiming to be from the IRS that contains a request for personal information, taxes associated with a large investment, inheritance or lottery:

  • Don't reply.

  • Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.

  • Don't click on any links. If a taxpayer clicked on links in a suspicious SMS and entered confidential information, they should visit Identity Theft Central.

  • Report the message to 7726 (SPAM).

  • Include both the Caller ID and the message body in an email and send to phishing@irs.gov. Copy the Caller ID from the message by pressing and holding on the body of the text message, then select Copy, paste into the email. If the taxpayer is unable to copy the Caller ID or message body, forward a screenshot of the message.

  • Delete the original text.

  • For more information see the IRS video on fake IRS-related text messages https://www.irs.gov/newsroom/irs-kicks-off-annual-dirty-dozen-with-warning-about-phishing-and-smishing-scams

Commentary

Note that the IRS specifically states human resources and payroll personnel are targeted with this scam. Employers should make these departments aware of this announcement.
