Tax Season Means an Increase in Phishing Attacks

Heather Stratford, CEO of Drip7 warns, “bad actors will leverage the tax season to their advantage, therefore; be informed, take protective action and be extra vigilant with any email requesting information whether you are an organization or individual.”

SPOKANE, Wash. (PRWEB) April 04, 2023

Tax season phishing attacks target both businesses and individuals to steal information, particularly financial information. Drip7 wants you to be aware of the various types of attacks, how to recognize them, and why you should care.

Phishing is always a risk. Last year, there was a 61% increase in the rate of phishing attacks in the six months ending October 2022 compared to the previous year.[1] Everyone is a target, but during tax season social engineers like to target not only average taxpayers but accounting, HR, and payroll departments as well as business leaders. Attacks may appear to be from the IRS, tax preparation tools or companies, or connected to generation W-2 or 1099 forms.

Bad actors love tax season because of the large amounts of personal and financial data, exchanged with tax preparers and taxing bodies. During this time, a common attack involves convincing employees to share their W-2 form by reaching out as the company HR department. Once these criminals get access to the target’s W-2, they can file a false tax return. They may also target the actual HR or payroll department and pretend to be a legitimate employee requesting their W-2 information.

Cybercriminals love deadlines because the added pressure and time constraints can lead to individuals skipping important steps — like forgetting to inspect email and website addresses closely or trusting included phone numbers on potentially fraudulent emails. Urgency is one of the telltale signs of a potential phishing attempt — and around tax time everything naturally feels urgent.

In addition, scammers have a wide variety of sources to choose from that a person might trust, such as the IRS,[2] tax preparers, and financial institutions. These forgeries may even look identical to the original. But clicking on those links and entering credentials, or otherwise sharing sensitive information, may not only cause financial loss but also expose individuals and organizations to a list of risks including malware, ransomware, and data loss.

What can organizations do to protect themselves?

• Assess where your organization is vulnerable.
• Educate your employees with training on how to recognize and respond to phishing.
• Encourage them to verify authenticity and what to do if they discover suspicious activity.
• Require strong passwords and consider multi-factor authentication – for employees, customers, and vendors who have access to your network.
• Have protocols to verify requests for information or payments – especially if from an email outside your network.
• Stay current on the latest phishing ploys, scams, and threats.

Heather Stratford, CEO of Drip7 warns, “bad actors will leverage the tax season to their advantage, therefore; be informed, take protective action and be extra vigilant with any email requesting information whether you are an organization or individual.”

Giving employees the opportunity to practice responding to potential threats in a safe and learning environment helps keep a company secure. Drip7 has a phishing tool for organizations to train their employees in recognizing and appropriately dealing with phishing attempts. The highlight of this tool, beyond being easy to use, administer, and customize, is that employees know immediately if the email was a phish and are instantly provided with training to help keep the issue from happening again.

People may be the biggest weakness in organizations — but they also can be the greatest defense. All it takes is a little time and investment. Drip7 takes that literally by delivering training in gamified bite size pieces.

[1] [https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html

[2] Never respond to unsolicited email and text messages claiming to be the IRS. The IRS never initiates contact with taxpayers by email, text or social media.

About Drip7

Drip7 is a leading innovator in the field of cybersecurity awareness training with an easy-to-use, mobile-based platform utilizing microlearning and gamification to increase employee engagement and create behavior change. Drip7 combines the right science and content to produce a superior training platform, from one question or “drip” a day to allowing employees to train when and where they want on their phone or computer, Drip7 engages users with an interactive dashboard, rewards, badges, and more. Included training is focused on cybersecurity and compliance; however, the platform can be customized by a company for any training need. For more information, please visit https://drip7.com

Share article on social media or email: