ID theft scams & hacks continue in the tax world (& beyond)

What a fun Monday. The hubby and I spent much of the morning setting up free credit monitoring accounts related to recent healthcare data breaches. Then we each ordered a free credit report to see if miscreants had been pretending to be either of us.

I suspect we are not alone in taking identity theft precautions.

The HIPAA Journal reports there was a 261 percent month-over-month increase in breached healthcare records in July. More than 18 million records were exposed in 56 reported incidents. The incredibly high total was due to a major data breach at HCA Healthcare that saw the records of almost 11.3 million individuals compromised.

Yes, I'm part of the HCA breach. But the news is good for the hubby and me. So far, we're in the clear, and our credit reports came back clean, too. Fingers crossed 🤞 this holds.

Tax security concerns, too: The healthcare industry data breach alerts come as the Internal Revenue Service also is reminding tax professionals to stay vigilant when it comes to their online collections of client information.

The IRS and its Security Summit partners said today that they continue to see a steady stream of attacks on tax offices. Just like this summer heat, the surge of summer tax schemes just won't let up.

The reason for the tax pro targeting is simple. If the crooks can get into a tax preparer's system, it has access to a treasure trove of sensitive tax and financial information from their clients.

The criminals also look to take advantage of the tax pros' info. If they can get that, they use it to file false returns in lieu of the legitimate tax preparer.

Common access attempts: While hacking always is a possibility, the IRS and Security Summit members from state tax departments and the private sector tax industry remind tax pros to be aware of phishing and related scams.

These ID theft attempts are the among the most common threats.

They're designed to trick the recipient into disclosing personal information, such as passwords and bank account, credit card and Social Security numbers, or into sending gift cards or wire transfers to the scammer.

They usually take one of these forms.

• Phishing/Smishing – Phishing emails or SMS/texts attempt to trick the recipient into clicking a suspicious link, filling out information or downloading a malware file. Often phishing attempts are sent to multiple email addresses at a business or agency increasing the chance someone will fall for the trick.
• Spear phishing – This is a specific type of phishing scam that identifies potential victims and delivers a more realistic email known as a "lure." These types of scams can be trickier to identify since they don't occur in large numbers. They single out individuals, can be specialized and make the email seem more legitimate. These senders can pose as a potential client for a tax professional, luring the practitioner into sharing sensitive information.
• Whaling – Whaling attacks generally target leaders or other executives with access to secure large amounts of information at an organization or business. Whaling attacks can also target people in company payroll, human resources, and financial offices.

Cloud-based schemes: The growth of cloud computing also has seen an increase in attacks that take advantage of cloud-based applications.

These schemes trick their victims with realistic-looking phishing emails that contain links to portals that look like these applications but are really phishing websites designed to collect the tax preparer's credentials.

Tax pros that use cloud-based applications to store information or run tax preparation software should use multi-factor authentication to help safeguard data. Multi-factor authentication provides an extra layer of security.

Warning signs of scams: Regardless of the type of phishing attempt, tax pros — and all of us individual taxpayers, too, — can protect their businesses (and ourselves) by recognizing the following warning signs.

• An unexpected email or text claiming to come from a known or trusted source such as a colleague, bank, credit card company, cloud storage provider, tax software provider or even the IRS and other government agencies.
• A false narrative with an urgent tone telling the receiver to open a link or attachment.
• An email address, number or link that's misspelled or has a different domain name or URL like irs.com instead of the agency's genuine IRS.gov.

The bottom line is to stay alert and skeptical of anyone or group that asks for your or your business' information.

Don't immediately respond, to calls, texts, emails, or U.S. Postal Service or private deliveries. Instead, call the real office of the purported sender, be it the IRS, your bank, or a vendor, and double check.

It might take a little time, but it will save you from falling victim to scammers, tax and otherwise.

Report any scams: Also report any type of scam message. This helps the IRS and its government and private sector partners stay on top of schemes and catch the perpetrators.

Send email scams to [email protected]. The IRS says you can simply forward the message, but it helps IRS cybersecurity experts more if you send the full email header to help them identify the scheme. The IRS.gov Report Phishing and Online Scams page provides complete details.

Also report any scams to the Treasury Inspector General for Tax Administration (TIGTA) or the Internet Crime Complaint Center. The Federal Communications Commission's (FTC's) Smartphone Security Checker also is a useful tool against mobile security threats.

And if you do fall for a scam, file a complaint with TIGTA, as well as visit the FTC's IdentityTheft.gov page and the IRS' Identity Theft Central.

Finally, you can also review the ol' blog's alerts and tips on identity theft schemes and tax scams. This post will be at the top of those categories right now, so just scroll down for more.

You also might want to do what the hubby and I did this morning and check your credit reports. The easiest way to do that is at the web page mentioned at the beginning of this post, AnnualCreditReport.com. The box to the left also has phone numbers if you prefer to call or need other help.

Other identity theft and tax scam posts you might find of interest:

• IP PINs recommended to thwart tax ID thieves 
• Tax scammers hard at work with new fake IRS mailing 
• Watch for these data theft red flags, by tax and other financial crooks

Advertisements

🌟 Search Amazon Business and Money Books 🌟
The text link above and image links below are affiliate ads. If you click through and then buy a product, I receive a commission.