IT Alert: Cybercriminals Are Taking Advantage of Tax Season

A Message from Matt, Sax LLP’s Chief Technology Officer

There is a new wave of phishing emails (an attempt made by cybercriminals to obtain sensitive data through digital communications) aimed specifically at stealing your private information this busy tax season.

This time of year, there is an increase in digital communications between individuals and their accountants regarding their taxes, and a large amount of tax returns are prepared with tax software and are filed electronically. This volume of sensitive, digital data is a breeding ground for cybercriminals who impersonate a trusted source, or bank on the intimidation of the IRS to extract data or payments and/or trick users into handing over their usernames and passwords.

In a recent targeted cyberattack of Office 365 users, individuals were hit with a password stealer when they downloaded a malicious document, disguised as tax-related alerts from the IRS.  Tens of millions of people have been affected.  Attackers consistently craft new email content to eliminate their fingerprints, but it is always the same philosophy – sound legitimate, gain trust and encourage individuals to click on a link that exposes them to malicious files.

It is imperative that you protect yourself from such attacks. No one is exempt.

Here are some best practices when it comes to securing your private information and preventing it from falling into the wrong hands:

  • Evaluate every email that calls for you to click on a link and/or provide sensitive information. Malicious emails can come from the exact email address of a friend, family member or trusted entity like the IRS. Be sure to ask yourself:
    • Am I expecting this email?
    • Did I do anything to warrant this email?
    • Is there contact information provided that I can use to verbally confirm this request for information is legitimate?
  • Create different passwords for all portals and accounts you use. If all passwords are the same and a hacker gains access to your log-in credentials, they then have the key to all.
  • Never send PII – (Personally Identifiable Information) like employer ID numbers (EIN), social security numbers, driver’s license number, banking information or log-in credentials of any kind via email.

Sax LLP is committed to the protection of our clients and the security of your data. If there are any questions at all as to how best eliminate your risk of exposure or a breach, feel free to contact Matt Hahn at [email protected].

Matthew Hahn is Sax LLP’s Chief Technology Officer and has been an instrumental voice in the technology community for over 25 years.  He sits on the Board of Computing Technology Industry Association (CompTIA) and the Global Advisory Board of Datto. Matt will lead Sax’s newest practice, Sax Technology Advisors, and will provide clients with business management solutions to address their every technology need.



Get in touch with Sax by filling out the form below: