Open Forum

All Communities
 View Only
Back to discussions
Expand all | Collapse all

Cyber Security & Tax Season

  • 1.  Cyber Security & Tax Season

    Posted 04-07-2022 13:25
    Edited by Kelly Romeo 04-07-2022 13:27

    The tax filing deadline is quickly approaching and fraudsters are getting more creative. Here are a few old and new tricks if you are a last-minute filer:

    • Text Messages. The IRS will not text you, even if you shared your mobile number with them in the past. The verbiage, the caller ID, and even logos may appear REALLY authentic. Well-timed scams are designed to reach you when you may be feeling most vulnerable . . . ranging from extension requests to status messages like: "Your submission was denied, click here to resolve." Links supplied in these messages lead to confidential information harvesting and identity theft operations.
    • Phone Calls. Phone scams impersonating the IRS and leaving pre-recorded, threatening, or urgent messages are also abundant, and so are emails that appear to be from the IRS or affiliated organizations asking taxpayers to share sensitive information. Answered calls are compelling due to a load of personal data already available for sale as a result of decades of security breaches .
    • Fintech Apps. Hackers are spoofing popular fintech apps like (personal finance app) Stash and (investment app) Public to trick users into sharing their login credentials and personal details
    • Malware in Apps. Fake mobile tax apps are pushing malware to user's mobile device
    • Malware in Forms and Files. Criminals are sending malware using password-protected W9 forms. A carefully crafted email will have a macro-enabled Excel or Word attachment that contains malicious code inside the document

    Remember, the IRS does not communicate with taxpayers via email, text, or phone calls. For any legitimate inquiry, you will receive a letter via USPS mail. Bits and pieces of personal information on most of us are readily available to scammers due to overexposed social media profiles and data stolen in recent security breaches. This availability of personal information makes many social engineering attacks plausible.

    Shared by Genady Vishnevetsky, chief information security officer for Stewart Title and chair of ALTA's Information Security Work Group.

    The ALTA Information Security Work Group welcomes conversation and questions about how to establish systems and policies to protect against unauthorized access, detect threats, alert administrators, and resolve issues. Resources are available at the Information Security page on the ALTA website.



    ------------------------------
    Kelly Romeo | SVP & CIO | ALTA
    202-261-2948 | kelly@alta.org
    ------------------------------
    ALTA Marketplace