Beware of Tax Season Scams

For most of us Jan. 1 to April 15 is just tax season, but for hackers its “prime hunting season” to steal personal and financial information from unsuspecting taxpayers and businesses.

Each year, hackers roll out new phishing scams -- fake emails used to acquire sensitive information such as usernames, passwords, financial information, credit card details, etc. They fool the user into clicking links or attachments by posing as a trustworthy source.

A new phishing scam called "tax transcript" is making the rounds. Cyber criminals are tricking people into opening emails that look like they are from the IRS, carrying attachments that are labeled “Tax Account Transcript” or something similar that includes the word “transcript” included. The impersonators want you to think that you’re getting a summary of your tax records, but people opening the file get a delivery of malware instead.

The IRS does not send unsolicited emails and would not deliver sensitive tax information in an email. If you think you have clicked a link, or opened an attachment in error, let your IT support company know at once.

That goes for your work computer as well as your personal devices. Many of these scams target users at work, so that hackers can access company data and any client information that might be stored.

Related: Cyber Security is everyone's job! Get the Executive Guide to Cyber Security.

Today, hackers are targeting small businesses more than ever because most of the time they have mediocre security systems that do little to keep hackers out. Many business owners think that hackers have no interest in their small operation since they don’t have as many assets as large businesses, but they are generally easier to access, making them a good target. Small businesses also don’t monitor their systems routinely or properly, so the hacker has less chance of getting caught. The risk is lower and the reward is lower, so hackers will compromise more systems to get their desired monetary gain.

So how do you protect yourself and your critical business data? The absolute minimum security devices that every business needs are a managed firewall, web filter and spam filter. Proper management means that these devices are being monitored daily by a person or an automated process, the event and drive space logs are being watched for trends and unusual activity, and the devices have the latest updates installed promptly.

Related: Are you making these BIG IT security mistakes?

New threats are cropping up at an alarming rate and if your system is not kept up-to-date, you are only protected against the old threats, not the new ones. The same is true with your workstations and servers. The operating system and security software needs to be updated promptly when patches are released or you’re leaving yourself open to threats. Your network is only as secure as its weakest link.

Without these security minimums, your business is like a car with the door unlocked. Hackers are walking around checking door handles and if you fail to keep yours locked, you’re just making it easier on them.

It only takes one security breach to compromise your financial well being, your reputation, and the relationships you have spent years building with your customers. Good security is always worth the investment, and in most cases, the cost is around a few hundred dollars per month.

The first step to reducing your risk of cyber attack is to assess your current situation. Get a Cyber Security and Risk Assessment to see if you have gaps that are increasing your business risk. Get the details and schedule an assessment.