2022 February Cybersecurity Letter
Welcome to your February Savvy Cybersecurity newsletter. Read on to learn more about:
- Why you should think twice before scanning a QR code
- Cyber threats related to the Russia and Ukraine conflict
- Software you must update today
- And more
Don't Fall for These Scams this Tax Season
Each tax season brings along new scams designed to steal your tax refund. While tax-related identity theft complaints have decreased in recent years, thousands of individuals still find themselves victims of this fraud each year.
In these scams, fraudsters trick unsuspecting victims into giving them enough information to file a fraudulent tax return in their name and redirect the payment to their own bank account. When the victim goes to file their return, they are notified that a refund has already been sent.
In many instances, scammers will impersonate the IRS to gain this information. It is important that everyone is aware of these scams and knows what actions to take to best protect themselves.
- Text message scams
This year, the IRS warns taxpayers of text messages appearing to come from the agency. The message may ask you to click to view your refund status or account details. Instead, the text message is from a scammer attempting to gather your personal information.
The IRS will never communicate with you via text message. If you do get a text message that appears to be from the IRS or related to your taxes, do not click on any link. Delete the message.
- Phishing scams
Tax scammers have always relied on phishing emails to lure taxpayers into sharing personal information. These emails appear to come from the IRS and may ask you to log in or share personal information. The IRS will never contact you via email—mail delivered by the USPS is the agency's main form of communication.
If you get an email that appears to come from the IRS, do not click on any links or open any attachments. Delete the email immediately.
The IRS has also seen an uptick in spear-phishing attacks directed at tax professionals in recent years. Here, scammers target tax professionals with emails that appear to be from the IRS or tax software. The goal is to gain access to their clients' information to file hundreds of fake returns. Not only should tax professionals be on the lookout for these emails, but clients should also be cautious when opening emails from their tax preparer. When in doubt, pick up the phone and call.
How to protect yourself
In addition to being aware of the tax scams that exist, there are steps you can take to help lock down your tax return. A few years ago, the IRS introduced Identity Protection PINs (IP PINs) to help protect taxpayers. IP PINs are six-digit numbers that prevent someone else from filing a return in your name. You must submit your PIN to verify your return.
When IP PINs were first introduced, they were only available to proven victims of identity theft or residents of certain states. Now, anyone can apply for an IP PIN. You can request the IP PIN on the IRS website. You will need to prove your identity by answering some questions.
Once you are set up with an IP PIN, you will receive a new one each year. It will be available in your online IRS account, so be sure to protect that account with a strong password. You or your tax preparer will submit your IP PIN when you sign and submit your return.
Think before you scan. Quick Response codes, or QR codes, have become a convenient way for many businesses to get you to visit their websites, download their apps, make payments, view their menus, and more. However, the FBI is warning that people can easily manipulate QR codes to steal your money or personal information. Here, you can find more information and tips on how to protect yourself from this kind of exploitation.
Conflicts with Ukraine may raise cyber risks for the U.S. With international pressure growing over Russia's conflict with Ukraine, many major U.S. enterprises could be in the crosshairs of a nation-state military standoff that could easily cross over into cyber territory. CISA has been working since mid-December and is taking this situation "very seriously." Additionally, the National Cyber Security Centre (NCSC) in the U.K. has been urging companies to bolster their cyber security resiliency.
Red Cross's data breach likely caused by nation-state hacker. The human rights organization reported a data breach last month that affected more than 500,000 people. Names, locations, and contact information of those helped by the Red Cross were exposed in the breach, as well as information on staff and volunteers. The group now believes that a nation-state is behind the attack.
Cyberthreats in the education system are on the rise. Due to the Covid-19 pandemic, reliance on technology in the school systems has become extremely important. With that reliance comes growing cyber threats for schools across the U.S., which has led schools to shut down and demand more funding. Learn more about the rise of cyberthreats in the school system here.
Online romance scammers looking for cryptocurrency. The Federal Trade Commission reports an uptick in heartbreak scams this year. Complaints about this type of scam are up 80% from 2020 numbers. In this type of fraud, scammers reach out to unsuspecting victims and begin to romance them online. After gaining trust, they ask the victim for money to help with a health crisis or financial issue. The FTC has noted that more of these scams are asking for cryptocurrency as payment.
Cybersecurity Review Board formed by Biden Administration. Recently, the Biden Administration formed a panel of administration officials and private-sector experts to investigate major national cybersecurity failures. They will be tasked with examining significant cybersecurity events that affect government, business, and critical infrastructure. Their first case will be to probe the recently discovered Log4j internet bug.
Why hiring more cybersecurity professionals is important now more than ever. There are real-life consequences to cybersecurity staffing shortages, including more breaches and data theft. Although more than 700,000 professionals joined the cybersecurity field in 2021, the demand for more professionals in the field continues to outpace the available supply. Additionally, a recent study confirmed that there are many negative consequences when cybersecurity staff is stretched thin. You can learn more about the gap, and the importance of hiring more cybersecurity professionals, here.
Adobe: A zero-day exploit is currently impacting Adobe Commerce, the company's e-commerce platform. Any sites using this as their e-commerce program should update immediately. You can learn more about the update here.
Google: Chrome users should update their browsers as soon as possible due to a zero-day exploit. Your browser will alert you to update. Read more about the security vulnerability here.
Microsoft: An update to address nearly 50 security vulnerabilities was released by Microsoft this month. These updates are for Outlook, Microsoft Edge, OneDrive, Office, and other programs. None of the updates are considered critical, but you should still update as soon as possible. You can learn more here.