Studies show that businesses lose $27 billion to tax scams annually, and tax season is a prime time for fraudulent activity. Phishing email is one of the leading attack vectors, and the FBI recently warned enterprises about a rise in business email compromise (BEC) schemes that is expected to intensify during tax filing amid the pandemic.
This year, filing tax returns will be different and more intense than ever. Not only has the COVID-19 pandemic pushed people into home offices, but the distribution of stimulus checks has put an immense workload on the IRS. According to Google Trends, the search term “2021 tax deadline” has seen a 2,000% increase in popularity since January.
“These figures suggest that Americans might postpone the filing until the last day and could be more likely to fall victim to scams since they are in a rush. Malicious actors try to leverage intense and complicated situations, so they will try to meet the nearing tax deadline by widely distributing phishing emails to steal personal and business data,” warns Juta Gurinaviciute, the chief technology officer at NordVPN Teams.
In a statement, IRS representatives urged people to file their tax returns electronically this year, to choose direct deposit, and to provide up-to-date banking information so that refunds arrive more quickly. The greater reliance on digital filing will also draw the attention of scammers.
The primary objective of these BEC schemes is to obtain sensitive taxpayer information, including Social Security numbers, home addresses, employment status, and location. With this information, fraudsters file fraudulent returns in the victim's name, changing the line that matters most: the refund deposit account number.
To obtain it, crooks target companies ranging from small businesses to high-profile corporations, as well as public institutions. In recent years, cybercriminals have refined their phishing techniques and, against businesses and organizations, primarily employ so-called W-2 scams.
Pretending to be someone from upper management, e.g. the CFO or CEO, fraudsters ask employees to send completed W-2 forms for review. A W-2 contains sensitive employee data (name, address, Social Security number, and wages), which is then used to file a fraudulent return. According to the FTC, impostor scams are the most common type of fraud reported in the US, costing Americans hundreds of millions of dollars.
After obtaining the document, criminals can either file the fraudulent tax return forms themselves or sell the gathered data on the dark web to hackers, who might then commit identity theft as well as other crimes.
In addition to targeting enterprises, cybercriminals also go after individuals directly. In these attacks, instead of impersonating senior management, they impersonate the IRS itself.
Fraudsters might tell a target that they are eligible for an additional refund or, on the contrary, that they owe money and must pay the difference immediately. These emails usually contain a link to a spoofed website that prompts the visitor to enter their Social Security number, income, and other personal data.
The most important thing to remember is that the IRS never initiates contact with taxpayers by email, text message, or social media, let alone asks for personal information such as PINs, credit card details, or passwords.
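The two patterns above (an executive's name on an external sender asking for W-2s, and an "IRS" message whose links lead away from irs.gov) are mechanical enough to triage automatically. The following script is an added example, not code from the article or from NordVPN Teams: it parses raw messages with Python's standard `email` module and returns a list of findings. The company domain, the executive names, and the three sample messages are constructed for illustration.

```python
"""Triage heuristics for tax-season BEC and IRS-impersonation emails."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"                      # assumption: our own mail domain
EXECUTIVES = {"jane doe": "CFO", "john roe": "CEO"}  # assumption: hypothetical names
IRS_DOMAIN = "irs.gov"
W2_PATTERN = re.compile(r"\bW-?2s?\b", re.IGNORECASE)
IRS_PATTERN = re.compile(r"\bIRS\b|Internal Revenue Service", re.IGNORECASE)
URL_PATTERN = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _domain(addr):
    """Domain part of an address, lower-cased; empty string if malformed."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _in_domain(host, domain):
    """True if host is domain itself or a subdomain of it (not a lookalike)."""
    return host == domain or host.endswith("." + domain)


def _body_text(msg):
    """Concatenate all text parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw):
    """Return a list of finding tags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    subject = msg.get("Subject", "")
    body = _body_text(msg)
    external = not _in_domain(from_domain, COMPANY_DOMAIN)
    link_hosts = [urlparse(u).hostname or "" for u in URL_PATTERN.findall(body)]

    # W-2 scam: executive display name on a sender outside our domain.
    if name.strip().lower() in EXECUTIVES and external:
        findings.append("exec-name-external-sender")
    # Replies routed to a different domain than the visible sender.
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")
    # Any request for W-2 data coming from outside the company.
    if external and W2_PATTERN.search(subject + " " + body):
        findings.append("external-w2-request")

    # IRS impersonation: claims to be the IRS but sender or links are not irs.gov.
    claims_irs = bool(IRS_PATTERN.search(name) or IRS_PATTERN.search(subject))
    if claims_irs and not _in_domain(from_domain, IRS_DOMAIN):
        findings.append("irs-claim-external-sender")
    if claims_irs and any(not _in_domain(h, IRS_DOMAIN) for h in link_hosts):
        findings.append("irs-claim-offsite-link")
    return findings


# Constructed sample messages (not real phishing captures).
SAMPLE_W2 = """From: Jane Doe <jane.doe@examp1e-mail.net>
Reply-To: janedoe.cfo@webmail.example
To: payroll@example.com
Subject: Quick request
Content-Type: text/plain

Hi, I need the W-2s for all employees for a review today. Send them as PDF.
"""

SAMPLE_IRS = """From: IRS Refund Desk <refunds@irs-refund-center.com>
To: alice@example.com
Subject: IRS: Additional refund pending
Content-Type: text/plain

You are eligible for an additional refund. Verify your SSN at
http://irs-refund-center.com/verify to receive it.
"""

SAMPLE_OK = """From: Payroll <payroll@example.com>
To: alice@example.com
Subject: Your 2020 W-2 is available
Content-Type: text/plain

Log in to the HR portal at https://hr.example.com to download it.
"""

if __name__ == "__main__":
    for label, raw in (("W-2 lure", SAMPLE_W2), ("IRS lure", SAMPLE_IRS), ("legit", SAMPLE_OK)):
        print(f"{label}: {triage(raw) or 'no findings'}")
```

The domain check deliberately uses suffix matching on the registered domain rather than substring matching, so lookalikes such as `irs-refund-center.com` or `examp1e-mail.net` are treated as external, which is the whole point of these lures. Run against a real mailbox, these tags are triage input for the security team, not a verdict on their own.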
How to mitigate the risk?
The tax season this year will last until April 17, and during this time employees should be extra vigilant. If they are asked to provide a W-2 form, they should contact the apparent sender through a separate, known channel (a phone call, or a fresh email to the address in the company directory, not a reply to the request) and confirm that the request is genuine.
If employees receive a message claiming to be from the IRS, they must not click any links in it or open any attachments. Instead, they should go to the IRS website by typing the address into the browser and log in there to see whether any action is actually needed.
“Haste makes waste, so employees shouldn’t comply with the scammer’s requirements before verifying the information. Organizations should implement clear algorithms on how they should report becoming a target of a cyberattack. If information security teams are alerted immediately, they can distribute memos in case other workers have also received phishing emails,” says a NordVPN Teams expert.
To protect themselves against identity theft, employees can obtain an Identity Protection PIN (IP PIN) on the IRS website. The six-digit code is then required to file a return under that Social Security number, so an e-filed return submitted without it is rejected. At the organizational level, make sure your company takes these essential steps to stay resilient:
Keep your staff up to date with engaging, entertaining, yet informative cybersecurity training.
Set and follow a company policy on what information may be sent by email and who is allowed to request it.
Make sure workers know what suspicious emails look like and do not hesitate to report them to the security team or to the IRS itself.
They should not interact with a questionable email in any way, whether by replying to it or clicking any links.
Your IT and security teams must keep all software up to date, since tax-scam emails may also carry malware that exploits unpatched vulnerabilities.
Consider using user-friendly file encryption tools, such as NordLocker, so that stored files remain unreadable if a device or account is compromised.