Cyber Security

IRS Scams Targeting Businesses – How You Can Detect Them and Fight Back!

 March 18, 2020

By  Anton Kiorolgo

Federal law, via the FTC, requires businesses to maintain an information security plan to protect their clients’ data, no matter the business’ size. It is wise to proactively contact an IT security firm in advance to set up a security plan.

It is important to educate employees on what phishing is, how to spot it, and how to avoid it. Behind the scenes, it is advisable to set up a safety system to limit the chances of a successful fishing attack.

There is a multitude of resources available for businesses that lack an IT department or consultant but still must be compliant:

Let’s Review How to Fight Back Against IRS Scammers

Follow these easy tips below, and you’ll be able to keep scammers away. However, if they come knocking, you’ll know how to send them packing.

Ensure EINs are Current

Ensure your EIN on file with the IRS is up to date. Should it need to be changed, you can update your EIN with Form 8822-B (PDF).

If the IRS Needs Additional Information:

  • You will receive a Letter 6042C if the IRS needs information to validate the return.
  • You will receive a Letter 5263C if the IRS needs information to validate the entity.

Protecting Business Data

There are a few steps to take to set up proactive security measures:

  • Use an Appropriate Firewall and Virus Software: Understanding Anti-Virus Software and Understanding Firewalls – Using proper security measures on any electronic devices that you use is highly recommended as a first-stage level of protection against theft. It is important to ensure that the software is up-to-date and scheduled to run regular activity scans.
Take-Away: Taxes. Security. Together. – The IRS has posted a page on its site addressing the need for security on both private and business electronic devices. Use well-updated firewalls and antivirus software on any personal electronic devices. Ensure private data is encrypted. Practice discretion when posting personal information online. Use creative, hard-to-guess passwords and two-factor authentication on important accounts to ensure that they are secure. Always use multi-factor authentication when it is available. When entering personal information, make sure it is via a secure website. The clear sign is by “https” being present in the URL or “address bar.” Back up important files.
Take Away: PrivacyRights – Privacy Rights Clearinghouse, a nonprofit whose sole mission is to aid consumers in protecting their privacy, has created a checklist of ten rules for a secure password.

Do not use dictionary words.
Do not use personal information.
Do not use common sequences.

Do use special characters.
Do use longer passwords.
Do use creatively worded passwords.
Do Create unique usernames and passwords for each site.
Do Keep usernames and passwords in a safe place.
Do use a password manager to keep track of your accounts.
Do go back and revise security on unsecured accounts.
  • Use an encryption program to secure any data being stored.
  • Backup important data onto an external device that is not connected to the internet.
  • Wipe any unused or outdated equipment to ensure data isn’t recoverable from abandoned equipment.
  • Limit access to certain sets of data, restricting it only to individuals who need access.
  • Maintain multiple versions of your backup files, both onsite and offsite, going back as far as cost or legal requirements permit.
  • Use automated backup solutions, and do not rely solely on manual processes to backup data.
  • Test your backups regularly to ensure the data is actually being retained.

Protecting Your Business Against Employee Spear Phishing

It is important to educate employees on what phishing is, how to spot it, and how to avoid it. Behind the scenes, it is advisable to set up a safety system to limit the chances of a successful fishing attack:

  • Ensure employees are using separate personal and business email accounts.
  • Limit employee access to personal email accounts on workplace electronic devices.
  • Install antivirus software that includes anti-phishing protection.
  • Enforce a password-protected and encrypted documents only policy for file sharing.
  • Implement a system of verifying attachments from senders before opening them.
  • Enable two-factor authentication on all critical systems, and especially employee email accounts.

Share the Taxpayer Guide to Identity Theft and Publication 4524, Security Awareness for Taxpayers (PDF) with your employees.

The Signs of Business Identity Theft

  • Your return is kicked back because a return has already been filed using the same EIN or SSN.
  • You receive the transcript for a return that you did not request.
  • A notice comes in the mail that a new online account with the IRS has been created using your business EIN or SSN.
  • A notice comes that your IRS account has been either disabled or changed without your permission.
  • You receive a notification that you owe collections on a return that you did not file.
  • You receive a Letter 6042C or 5263C.
  • The business address is suddenly changed.

Signs an Attacker Has Entered Your Network

Cyberattacks are sneaky in that infections and intrusions are generally not obvious until the attack has been initiated or damage has been done. Particularly good cybercriminals are able to cover up their actions with either long-honed expertise or sophisticated black market software. Savvy IT professionals may spot the “breadcrumb trail” that hackers leave behind as they jump around the network, shifting or changing files as they go, but as they are difficult to spot, this is rare. More commonly, cybercriminals are spotted by network monitoring software, which is designed to catch and log small changes as they happen.

  • Networks, user accounts, and workstations suddenly have their passwords and administrative rights changed.
  • Clients begin receiving emails written by employees from your organization that they did not write.
  • The cursor moves or keystrokes are made without physical input.
  • Typical tasks such as saving information, opening and closing software, and word processing become slower than usual.
  • Network speed suddenly drops.

Where to Report Data Theft

IRS Business Phone Help Line

Report a Suspected Data Security Breach

Report a Form W-2 Scam

W2 Information Has Been Stolen! What Should I Do!?

This is a relatively new scam, with the first reports coming about in 2016. In this scam, phishing cybercriminals, spoofing the IRS, gain access to an individual or business’ W2 forms.

If you have been the victim of a W2 scam, report it to phishing@irs.gov with appropriate information on what was sent to the attacker.

Want to join in the conversation? Talk with us on social media!

Facebook: https://www.facebook.com/secfirstit/

LinkedIn: https://www.linkedin.com/company/securityfirstit

Hashtags: #scam #financial #financial scam #financial education #financial freedom #financial scams #financial services #scams

Additional Reading:

(IR-2016-34) IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W2s

(IR-2017-10) IRS, States and Tax Industry Renew Alert about Form W-2 Scam Targeting Payroll, Human Resource Departments

(IR-2017-20) – Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others

(IR-2017-130) – Don’t Take the Bait, Step 6: Watch Out for the W-2 Email Scam

(IR-2018-8) – IRS, States and Tax Industry Warn Employers to Beware of Form W-2 Scam; Tax Season Could Bring New Surge in Phishing Scheme

Enjoyed this article? Take it with you as a .PDF!

Having trouble finding trustworthy IT support?

Please contact us to schedule a consultation.

Subscribe to our newsletter now!