Every person in America, especially those that work with access to people’s personal data, whether part of a large organization or a small one, are now potential target for highly sophisticated, well-funded and technologically adept cybercriminals from around the world. Their objective is to obtain secure personal data so that they can best impersonate their victims. They utilize email, telephone or any other means that they can devise to trick each of us into giving up computer passwords, e-Services passwords, trick you into taking what seems like a normal business action but with them having access to what we all expect is normal operations. They will even attempt to take remote control of your entire computer.
None of us can fight these crimes alone. It takes all of us, working together. That is why the Security Summit – the unprecedented partnership between the IRS, state tax agencies, and the private-sector tax industry have come together to form a united and coordinated front against this common enemy. They warn us to increase our computer security and to be aware of our inbox – specifically for the successful email scams dubbed spear phishing that identify themselves as our friend, customer, appropriate colleague or company.
As part of the Security Summit effort, has a campaign entitled “Don’t Take the Bait.” It’s critical that we all remember that we have not just a moral obligation but a legal requirement under federal law to protect personal information.
As new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk occur, we all need to work to protect each other. Too many of us still seem to overlook basic security steps needed to protect the data we possess. We urge everyone we work with, not just personally but professionally, beware your inbox, don’t take the bait from these phishing scams.
Phishing scams use bait or lures to trick us into opening an infected link or attachment or disclosing usernames and passwords to critical accounts. Falling for the phishing bait means exposing data to theft. Don’t click on the link, and be wary of attachments. When in doubt, type a new email to the email address you have on file. Call the phone number on the monthly statement or back of the credit regardless of what the email says you should do. On a daily basis, wear a fraud hat, don’t facilitate someone being a victim. You are mostly protecting yourself.
Information that IRS is receiving indicates that from January through May, there were 177 tax professionals or firms who reported data thefts involving client information involving thousands of people. The IRS currently is receiving three to five data theft reports a week from just tax practitioners.
We are taking the time to remind everyone that we work with that yes, each of you are increasingly the targets of national and international cybercriminal rings. These syndicates are well-funded, knowledgeable and creative. It’s going to take all of us working together to combat these identity thieves, doing nothing or making a minimal effort is no longer an option for any of us.
The Security Summit is a collaboration of Federal and State Government as well as private companies that have come together and focus on pressing personal information security issues. We will be offering information from their “Don’t Take the Bait” series on security awareness, emphasizing the various types of phishing scams as well as common and successful tactic used in data breaches. The 10 part series will also focus on what steps each of us can take to protect ourselves as well as our clients and their businesses from these attacks.
The tax community and others with taxpayer data – including human resource departments, small businesses and others – are among those targeted with increasingly sophisticated phishing schemes.