Hackers’ next target? Your W-2 and tax refund.
As if tax season wasn’t stressful enough, Krebs on Security is reporting unprecedented tax fraud this year. As a result, the IRS is taking up to three times longer to review 2015 tax returns compared to past years. Many states didn’t begin issuing refunds until March 1, with additional delays expected due to the high number of paper checks they will issue in order to circumvent fraud associated with electronic deposits.
How do tax hacks work?
Primarily, hackers are phishing employee W-2 data. “Thieves have been sending targeted phishing emails to human resources and financial employees at countless organizations, spoofing a message from the CEO requesting all employee W-2s in PDF format,” says Krebs. This is a classic case of the compromised insider threat. Your employees certainly don’t intend to expose their colleagues’ personal information, but it finds its way to the attackers nonetheless.
Attackers are hitting companies large and small, with huge numbers of employees’ data being compromised:
- 28,000 employees at market research giant Kantar Group
- 17,000+ employees at Sprouts Farmers Market
- 180 employees at ISCO Industries
- 425 employees at EWTN Global Catholic Network
- Countless more at Acronis, Medieval Times and QTI Group among others
This year’s tax fraudsters are also scaling beyond “mom and pop shop” tactics into professional operations. Hackers register as “electronic return originators,” or EROs, which are legitimate businesses that prepare and transmit tax returns electronically. They then purchase tax preparation software and services, so that they can run fraudulent refund requests more quickly, and at much higher volume.
How is the government responding?
In response, federal and state governments are deploying sophisticated fraud filters to flag suspicious returns. According to Krebs, “The filters look for patterns known to be associated with phony refund requests, such as how quickly the return was filed, or whether the same Internet address was seen completing multiple returns.” The filters are also “smart”; with each new breach, they are reprogrammed with the new data to make the next rounds of processing even more precise.
As mentioned above, these efforts slow down tax return processing considerably. In addition to the time required to sort and filter each return, adjust the algorithms, and address known corporate breaches, revenue departments are using “traditional” tactics as an extra failsafe. If they can’t prove that a return is fraudulent, but have serious suspicions, they will deny the electronic bank deposit and cut a check to the taxpayer’s known address. I think we can all agree this is a good thing, but it slows down the system even more.
How can you protect yourself and your business?
At the individual level, the best protection is vigilance against phishing attempts. Verify any and all requests for sensitive data with the relevant departments, and go through the proper, secure channels if and when it must be shared. Every employee who shuts down an attack helps prevent thousands more from being breached.
At the corporate level, the strategy is two-pronged. First, ensure that you have safeguards in place to prevent phishing emails and other attack vectors from ever reaching your employees and their data. If they don’t get the email, they can’t become compromised. Second, remember that no cybersecurity system is foolproof, and a multi-layered approach is always best. Consider a solution designed to flag insider threats, including unintentionally compromised users, such as Imperva CounterBreach. The sooner you know that your employees are being compromised, the more quickly you can contain the attack.
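
As an illustration of the first prong, here is a sketch of a mail-filter rule for the spoofed-CEO W-2 request described earlier. It is an added example, not code from Krebs, the IRS, or Imperva. The organization domain, executive name, keyword list, and sample messages are all assumptions constructed for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: replace with your own domain and executives.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
KEYWORDS = ("w-2", "w2", "wage and tax statement")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def w2_request_findings(raw):
    """Return the reasons a message looks like a spoofed-executive W-2 request."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Collect the subject plus every text/plain part of the body.
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            parts.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    text = " ".join(parts).lower()
    if not any(k in text for k in KEYWORDS):
        return []  # not a W-2 request, so out of scope for this rule
    findings = []
    # An executive's display name paired with an outside address.
    if " ".join(name.lower().split()) in EXECUTIVES and _domain(from_addr) != ORG_DOMAIN:
        findings.append("executive display name on external address")
    # Replies diverted away from the apparent sender (catches a forged internal From).
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
           'Reply-To: ceo.office@mailbox.test\n'
           'Subject: Urgent request\n\n'
           'Please send all employee W-2s in PDF format today.\n')
FORGED_INTERNAL = ('From: "Jane Doe" <jane.doe@example.com>\n'
                   'Reply-To: jane.doe@mailbox.test\n'
                   'Subject: W-2 copies needed\n\nSend them to me directly.\n')
LEGIT = ('From: "Jane Doe" <jane.doe@example.com>\n'
         'Subject: W-2 distribution schedule\n\nForms go out via the HR portal.\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("forged", FORGED_INTERNAL), ("legit", LEGIT)):
        print(label, w2_request_findings(raw))
```

A rule like this complements sender authentication (SPF, DKIM, DMARC) rather than replacing it, and any message it flags should be quarantined for out-of-band verification with the named executive.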