Go big or go home, unless you're a cybercriminal targeting businesses.
More than 70 percent of cyberattacks are aimed at companies with 100 or fewer employees.
That revelation is from the Internal Revenue Service and its Security Summit partners as this year's National Tax Security Awareness Week was winding down. It's also this weekend's By the Numbers figure.
In going after smaller business, con artists target credit card or payment information, the business identity information, or data on employees.
"Thieves may steal enough information to file a business tax return or use other scams that involve the company or its employees," said IRS Commissioner Chuck Rettig.
That's why businesses, just like individuals and tax pros, need to stay alert and take steps to guard against felonious online intrusions.
The IRS, its state and tax industry partners, and the Federal Trade Commission (FTC) suggest the following best electronic business practices:
- Set security software to update automatically,
- Back up important files,
- Require strong passwords for all devices,
- Encrypt devices, and
- Use multi-factor authentication.
You can find more recommendations at the FTC's Cybersecurity for Small Businesses web page.
Old and new business scams: Businesses should be on the lookout for a couple of types of schemes that are showing up now.
One is relatively new. Online crooks are still sending out COVID-19 phishing email scams that attempt to trick employees into opening embedded links or attachments.
The other format, Form W-2 theft schemes, has been around for ages. Back in 2016, a National Basketball Association team fell for it.
In the most common version, a thief poses as a high-ranking company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don't know they've been scammed until an employee reports his/her identity has been used to file a fraudulent tax return.
There is a special reporting procedure for employers who experience the W-2 scam. It can be found at the IRS' Identity Theft Information for Businesses web page. Other IRS related email scams may be reported using firstname.lastname@example.org.
More Security Week tips: You can find more cybersecurity alerts and tips in the IRS announcements issued this past work week in conjunction with National Tax Security Awareness Week.
Below are the links and highlights of what you'll find in each.
Taxpayer alert as holidays, tax season approach: Watch out for scams, protect financial information; National Tax Security Awareness Week, Day 1 highlights important tips (Nov. 29, 2021) — Kicking off a special week, the Internal Revenue Service and the Security Summit partners today warned taxpayers and tax professionals to beware of a dangerous combination of events that can increase their exposure to tax scams or identity theft.
National Tax Security Awareness Week, Day 2: Giving Tuesday reminder that scammers can use fake charities to get sensitive information (Nov. 30, 2021) — The Internal Revenue Service and Security Summit partners today warned taxpayers to be wary of fake charities used by scammers to get money as well as sensitive financial and personal information from victims.
National Tax Security Awareness Week, Day 3: Choosing a special Identity Protection PIN adds extra safety for taxpayers (Dec. 1, 2021) — As part of a wider effort to increase security, the Internal Revenue Service today reminded taxpayers they can get extra protection starting in January by joining the agency’s Identity Protection Personal Identification Number (IP PIN) program.
National Tax Security Awareness Week, Day 4: Security Summit warns tax pros that pandemic adds to data-theft risks; offers tips and outlines common scams (Dec. 2, 2021) — The Internal Revenue Service, state tax agencies and the nation’s tax industry today warned tax professionals that they face additional security risks from cybercriminals seeking to use the pandemic and phishing scams to steal sensitive client information.
National Tax Security Awareness Week, Day 5: Security Summit partners remind businesses to tighten security; be aware of steps to help prevent, protect data loss (Dec. 3, 2021) — The Internal Revenue Service, state tax agencies and the nation’s tax industry urged businesses to be alert to cyberattacks aimed at gaining access to business data and customer information and be aware of steps to help them on tax-related issues related to identity theft.
The IRS' A Closer Look column also features taxpayer security tips from Michael Beebe, director of the agency's Return Integrity and Compliance Services. And you can check out the special IRS' National Tax Security Awareness Week 2021 page with even more cyber protection material.
While these tips obviously focus on taxes, they can provide guidance on staying safe online whether you log-in to do some holiday shopping, or make financial transactions, or, of course, take care of some year-end tax moves.
You also might find these items of interest:
- Gift cards are great holiday gifts, but not a way to pay taxes
- COVID pandemic provides new paths for con artists to steal tax (and other) money, identities
- 7 ways to protect your tax identity during peak holiday online shopping season — and year-round