It’s the time of year when the Internal Revenue Service (IRS) releases its list of the latest tax scams. Scammers routinely use the anxiety of tax season to prey on the unsuspecting, and this year, they’re also using the pandemic and the government’s Economic Impact Payments to steal money and identities from taxpayers.
Cybercriminals are targeting small businesses with increasingly sophisticated attacks. “Corporate account takeover” is a form of identity theft of a business. Criminals phony emails pretending to be someone you know to trick you into clicking on links or attachments that can lead to malicious software being installed on your computer. Once this happens, they will ask you to enter credentials where they will gain access to your email account. At that point, they will send emails to the bank appearing to be from you to initiate ACH and wire transactions.
Companies of all sizes are being targeted by criminals through business email compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee often a senior executive or someone who can authorize payments and instructs others to transfer funds on their behalf. According to the FBI’s Internet Crime Complaint Center, over $10 billion has been lost by victims in the U.S. due to these scams.
Ransomware is a type of malicious software that encrypts files, preventing access until a demanded sum of money is paid in exchange to unlock files. Individuals and businesses have become targets in this growing online fraud.
While monetary losses to individuals and businesses can be excessive, businesses have more to lose, since cybercriminals can gain access to clients’ personal information and extort money from them as well as the business. Fraudsters can buy a kit on the dark net for about $175 and charge a business a ransom of approximately $84,000 per attack.
Certified Information Security Manager Margo Leiter offers nine tips for consumers and businesses to help prevent ransomware attacks.
Tips for consumers:
• Don’t click. Visiting unsafe, suspicious or fake websites can lead to the intrusion of malware. Be cautious when opening any email with attachments or links you are not expecting, even when you recognize the sender. When in doubt, throw it out!
• Always back up your files. By maintaining offline copies of your personal information, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to heed threats posed by cybercriminals.
• Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you’ll receive the newest fixes as they become available.
• Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen.
Tips for businesses:
• Educate your employees. Employees can serve as a first line of defense to combat online threats if properly trained to recognize malicious emails, websites and online ads. A strong security program paired with employee education about the warning signs, safe practices, and responses aid tremendously in preventing these threats.
• Manage the use of privileged accounts. In an effort to limit your network’s exposure to malware, restrict users’ ability to install and run software applications on network devices.
• Have a plan. Determine how you will keep the business running in the event of an attack. Teach employees what to do, such as unplug from the internet immediately. Law enforcement doesn’t recommend paying the ransom as this encourages criminals to continue. Routinely back up and store the data on a separate device or offline in order to access it in the event of a ransomware attack.
• Protect your systems. Keep antivirus, anti-malware, and firewalls up to date and patched. Conduct regular scans. Hire a security professional.
• Report ransomware. Contact your local FBI field office immediately to report a ransomware event and request assistance. Visit https://www.fbi.gov/contact-us/field to locate the office nearest you.
Cyberattacks are becoming more and more sophisticated and common. According to the 2019 Norton Cyber Security Insights Report, 152 million U.S. consumers were victims of cybercrime – more than half of the country’s adult online population – with losses totaling nearly $11.3 billion. Crews Bank & Trust is highlighting ways to help consumers protect themselves against online fraud.
As of January 2020, there were approximately 246.3 million mobile internet users in the United States, accounting for 87 percent of the population, according Statista, a provider of market and consumer data. Review 42 reports that the average user will tap, swipe, and click their phone 2,617 times a day and spend 171 minutes a day on a device.
According to a recent study by Javelin Strategy & Research, identity fraud reached $16.9 billion in 2019. As identity fraud continues to be a major threat, Crews Bank & Trust is offering tips to help consumers proactively protect their information from identity thieves.
To paraphrase a famous expression: When the going gets tough, the scammers get going. Scammers are even identifying themselves as bank employees to steal information and cash. With COVID-19, the fraudsters are out in force, seeking to take advantage of the widespread anxiety generated by the global pandemic.
Although scam artists are working year-round to steal your identify and compromise your personal information, tax season seems to bring out the worst. Scammers are looking to steal tax documents, file fraudulent returns in victims’ names, and extort payment with false threats of IRS action due to outstanding tax bills.