How Retailers Can Protect Themselves From Tax Scams
It's high season for tax scams as we near Tax Day on April 15, and retailers, like everyone else, are in danger of becoming a victim to fraudsters. In fact, with large staffs that may be untrained on what to look for or be aware of when it comes to scams, retailers are particularly vulnerable. Revenue loss from tax fraud and schemes costs the federal government hundreds of millions of dollars each year, but it also affects corporations and institutions. Tax season offers a way in for criminals posing as the IRS or other government agencies, who then, with sensitive information in hand, are able to steal data or employee personal information.
Annually, the IRS releases its Dirty Dozen list of tax scams to watch out for during tax season. Highlighted below are the top three scams from this year's list, as well as some recommendations on how retailers can avoid falling victim.
Phone scams are a form of social engineering and have been around for some time now. The most common phone scam is the tech support scam. Scammers call, pretending to be from tech support saying they've found a virus on your computer or network and offer to remove it if you give them control over your computer. Once they have control, your computer and personal information are vulnerable.
The IRS has seen a surge of phone scams in recent months, with scam artists threatening arrest, deportation, license revocation or other intimidation methods. Scammers might also call pretending to be the IRS and ask for the company's banking or credit card information. The IRS will never call you, so just hang up.
Key Takeaway: Counsel employees to not trust or provide any personal or company information if they receive an unsolicited call, no matter who it's from.
Phishing comes in the form of email, and aims to gain information by convincing you to click on a malicious link or attachment, sometimes threatening dire consequences unless you respond. If successful, sensitive information could be exposed and your networks placed at risk.
Key Takeaway: "The IRS won't send you an email about a bill or refund out of the blue," said IRS Commissioner John Koskinen. "Don't click on one claiming to be from the IRS that takes you by surprise." Don't open attachments, click on links or reply to emails claiming to come from the IRS or a related agency.
Counsel employees to be suspicious of emails with upsetting or exciting (but false) statements that try to get them to react immediately. They should also be wary of emails that contain forms asking for confidential information, as well as links or attachments that aren't expected. Those links or attachments could be scams to steal valuable personal information, money or data, or they may install viruses or spyware on your network.
Identity and Data Theft
Fighting digital theft is an ongoing battle as thieves continue to create new ways to steal. While phone scam or phishing attempts are increasing in frequency, physical and virtual information left unprotected is still a primary target for theft during tax season. Understanding how to protect personal information, whether it's sitting in your mailbox or on a public computer, is important.
Key Takeaway: Mailbox theft has become a year-round problem, and fraudsters count on the fact that important tax documents arrive via the mail in the first quarter of the year, including employee W-2s and other company tax information.
Make sure there's a secure mail receiving process in place and, if possible, limit the number of people that handle the mail internally.
Just like any online activity involving sensitive information, don't share company or employee tax information via public Wi-Fi networks. Stick with a secure network connection for all activity involving sensitive information, and make sure the computer that's being used is protected with up-to-date anti-spam/virus software, a secure firewall and updated security patches.
You can find more tips to avoid being a victim of identity theft on the IRS site: Identity Theft a Major Concern on the IRS Annual "Dirty Dozen" List of Tax Scams to Avoid.
Disclaimer: This article aims to provide helpful insight on protecting yourself from tax-related fraud. This information is offered as a guide only and shouldn't be treated as a full statement on the subject.
Lori Rosenberg is an information security communications manager at eBay. She writes information security-related articles for eBay employees as well as customers, sharing information about each person's role in keeping information secure.