Cybersecurity is a hot topic these days. New threats are cropping up daily and hackers are using more sophisticated tactics to lure people into falling for their scams.
Hackers are exceptionally good at tying their schemes to trends, events, or a time of year. They fit themselves into what’s already going on in your life, which increases the probability that you’ll take the bait. We are in one of those times right now – tax season.
These first few months of the year are when we’re gathering documentation from financial institutions, discussing details with tax professionals, filing taxes, and potentially communicating with the IRS about statements, bills, or refunds. The hackers know this and they capitalize on it.
Email Scams Targeting All Technology Users
A common scam is an email that looks like it’s from a financial institution, the IRS, or even a healthcare provider saying that a tax form, statement, return, or bill is attached. Given that it’s tax time, this email might look authentic. But if you open the attachment or click the link, it will infect your system with malicious software (malware), and your company’s data will be compromised. Be extra careful reviewing emails before interacting with them.
"Software Update" Scams Targeting CPAs and Tax Preparers
Another major scam going around right now that CPAs and tax preparers need to be aware of is a phone scam that targets Electronic Return Originators (EROs). The hackers determine which applications you use to file returns, then call your office saying you need to correct problems with the software or reinstall it. Knowing that you need that program to get your job done, they offer to “help” you fix the issue. They ask you to visit their website and grant them access to remotely log in to your computer. If you do, they will have access to all of your data – including sensitive data that you have stored about your clients.
Unfortunately, phone scams like this are prevalent and can happen to anyone. The caller will usually say they’re from onlyforsupport.com, fastsupport.com, or something similar. Regardless of where they say they’re from, if you don’t recognize and trust who it is, don’t give them access. If you have any doubt, contact your IT provider before allowing access to make sure it’s not a trick.
Protecting your company from phone and email scams like these requires cooperation and diligence from employees. These scams are easy to fall for, so educating employees on common scams will reduce the risk that one of them will affect you.
Protecting Your Business Network from Scams
The other component is protecting your network. At a minimum for IT security, companies need to have a firewall, web filter, spam filter, and antivirus – and they all must be constantly managed. In order to be effective, they need to be monitored daily by a person or automated process, watched for trends and unusual activities, and have the latest updates installed promptly. New threats arise daily, so your system must be kept up to date to protect against them.
If you’re not confident that your system is as protected as it should be, ask your IT support provider for specifics on how they’re mitigating your security risks.
As featured in the February 12th issue of The Press-Enterprise