With the advent of tax season comes a host of new cyberthreats. According to an alert from the IRS issued in February, not only have form W-2 phishing scams increased, but they have spread beyond the corporate world to other sectors, and criminals are coupling these efforts with an older scheme on wire transfers.
Scott Barlow, vice president of global MSPs at Sophos Ltd., a U.K.-based network and endpoint security provider, says that during tax time, the best way for MSPs and other channel partners to help their clients defend against advanced cyberscams is to coordinate a simulated phishing attack to expose high-risk individuals within a customer base, and more important, provide them with the proper training—before they’re faced with a real phishing attack and are caught unprepared.
Sophos, for its part, offers security awareness testing and training for end users called Sophos Phish Threat. Other vendors with security awareness offerings include Clearwater, Fla.-based KnowBe4 Inc. and Ninjio LLC of Westlake Village, Calif.
MSPs should also consider the following when helping their customers avoid tax scams:
- Make sure your clients know that the IRS will never contact them for personal information or about tax-related matters via email. If they have questions, direct them to the IRS website under “Help and Resources” or have them call the toll-free numbers on their tax forms.
- If you work with clients that have a number of employees in human resources or finance, ensure that they are on the lookout for a new variety of scam targeting employees. Scammers are asking these and other employees to supply information related to income reporting form W-2 that employers provide to employees around this time of year.
- Barlow often sees claims of free tax processing via e-file that are designed to gather Social Security numbers. Counsel customers to stick with well-known tax services and never respond to email solicitations.
- Also urge caution with documents containing macros. Barlow and the team at Sophos have seen an increase in topical events such as tax filings being used to infect victims with ransomware through booby-trapped Word and PDF documents.
These considerations and cautions are not meant to paralyze businesses, but to keep them on alert during tax season and throughout the year.