Tax Phishing Scams


As time marches on, we are going to be ever more vigilant about cybercrime, which is quickly overtaking the nation as a leading cause of economic crime. High on the list of cybercrime methodology is Phishing, in which a fraudster posing as a trustworthy individual, attempts to gain sensitive or confidential information from another individual using electronic/digital means. The newest form of this fraud is tax phishing scams.

Enter the Newest Tax Phishing Scam

Ironically, as we enter the first quarter of 2017 and embark on tax season, the national news is awash with warnings of cybercriminal activity — forms of tax phishing scams that appear to be sweeping the country. It is so prevalent this year that the Internal Revenue Service has issued an alert about a new threat that involves workers getting emails purportedly from their employers that ask for W-2 information and other personal data such as Social Security Numbers.
Armed with this information, the cyber thieves file for refunds in the name of their unwitting victims. These tax phishing scams reach up to the levels of senior management in companies, who themselves also receive requests for this information from what they perceive as their top management officers. All the requests are couched in the form of familiarity and the “feel” of the actual management official, making the mail look very real to recipients. This tends to throw recipients off guard and have them believing the request is valid.
Ironically, this increase in phishing scams is thought to be a result of success in the consumer arena in combating point-of-service (POS) crime with the new chip technology. Foiled at the counter, the cyber criminals reverted to increasing their attacks online, and have been largely successful. According to ABC World News, for example, in 2016 approximately 22,000 people were victims of this new approach, and some 3.2 billion dollars were lost.

Damage That Unchecked Phishing Can Do

A prime example of the huge damage that phishing can do is seen in the email “scandal” of Hillary Clinton’s campaign when the email of the candidate’s campaign chairman, John Podesta, was hacked. In early 2016, an email carrying a warning that his password had been hacked landed in the “Spam” folder of the chairman. It looked every bit like a valid Gmail warning, and consequently after a user clicked the “Change Password” link, the door was opened to 60,000 emails being hacked by what we now know were Russian civilian and military intelligence services.

Digital Safety Requires Vigilance

Phishing was one of the earliest forms of scamming and cyber criminal activity, and apparently it has not lost its charm for cyber miscreants who are never at a loss to come up with new twists and turns in the scam to part victims from their money. This makes it incumbent on consumers in all areas to increase their computing protection and vigilance.

Global Learning Systems (GLS), one of the leaders in the field of security and compliance, provides a path to safety amongst the treacherous shoals of cyber criminal activity. GLS’ phishing simulation tool  — a phishing exploit testing Software-as-a-Service (SaaS) platform — ensures that your company won’t be vulnerable to cyber attacks by training, testing and assessing employees’ ability to combat the attacks. This product is integrated with its OnDemand Learning Management System (LMS); it enables your organization to simulate an attack, and intervene with just-in-time training. It then automatically enrolls users in different levels of anti-phishing training based on their reactions to various Phishing threats.

Advantages of using a phishing simulation tool include a tripartite unfolding of the product in which simulated exploits that look identical to real malicious threats are pushed to users. If the user falls for the simulated phish, he or she is moved to a page explaining the dangers of that action. Depending on the behavior of the user, he or she is guided to one of several options that will help change the behavior of the user. In the third phase, administration is provided with custom reports outlining facets of the user’s behavior, which enables managers to remedy deficiencies.

GLS will be participating and providing demonstrations at the RSA®Conference 2017 from February 13 through 17 at Booth # 619.
As 2017 moves on, keep in mind some elementary protection against phishing:

Scrutinize emails to make sure they are legitimate. This includes checking  the email for anomalies such as misspelled words, grammar errors, non-personalized introductions (“Dear Customer,” “Hi,” “Hello,” etc.), or threats/urgency in moving on the issue.
Check the sender’s actual web address by hovering or resting (NOT clicking) your cursor on the web URL to see if it differs from the purported sender address.
Look to see if the email is from a popular company or one with which you deal (for example, Microsoft®, Gmail, an internet provider, etc.), as these companies’ popular names are often used as an entree into a scam.
Beware of “too good to be true” news, such as a prize winning, lottery or sweepstakes. These hooks are often used to bait users.
Be cautious about succumbing to “scareware” or rogue security software scams, which purport to be good protection software against cyber criminals, but is in actuality the very hook that lets them in!
And last, never click a link in any unsolicited email; go to the internet instead, find the company and check with it to see that the email is valid.

What Can You Do?

Learn more about organizational security and how GLS’s Anti-Phishing Simulation Tool can help. And as part of our Human Firewall 2.0 security awareness program, Global Learning Systems offers a wide array of courses for the prevention of phishing:

GLS Logo

Enjoying our cybersecurity blogs?

Try out our weekly security awareness tips, sent directly
to your inbox.
GLS Logo

Your download is complete!

Need more training?