With the holidays here and a clear picture of the 2018 tax season up in the air, the IRS, state tax agencies, and national tax professionals have alerted consumers to be wary of fresh email phishing attempts related to next year’s filing. Even with increased cybersecurity and heightened awareness about such efforts, these scams continue to proliferate, with hackers trying anything to pilfer personal information like passwords, account details, credit cards, and Social Security numbers.
This latest round of phishing emails comes in many forms: urgent warnings informing users that they have to update their online financial accounts, downloads of important documents or contract agreements that need to be signed, or a waiting tax refund that just needs verification. The IRS and other government agencies recently created a week of publicity to raise awareness about such scams.
The common thread between all of these disparate scams? Just enough social engineering — using common knowledge gleaned from social media, recognizable lines of communication, official logos, or other familiarities — to make the emails appear trustworthy or reliable. Such targeted messages can fool even the most cautious among us into clicking a link to a fake site, downloading a malware-infected file, or providing information that could compromise sensitive business data.
These kinds of phishing attacks remain popular with cybercriminals because no single foolproof technology exists to defend against them. Employees are the main defense — so true security is only attained when strong network defenses are paired with the right amount of employee training. That way, computer users become the best line of defense for a small to medium-sized business.
Below are a few recommendations for fighting back against phishing attempts and other online scams. If you have questions about these strategies or need assistance with cybersecurity in the New Year, contact CMIT Solutions today.
Stay vigilant and skeptical.
Never open an email from an unknown sender — and use even more caution before clicking any link or opening an attachment, even if someone you know sent it. Cybercriminals are experts at social engineering, spoofing email accounts (think firstname.lastname@example.org instead of email@example.com) and imitating friends, family members, and colleagues to try to gain access to your information.
Never provide personal or financial information via email.
The IRS never communicates in this fashion — neither will most companies, service providers, or even colleagues. Beware of fake phone calls, too, purporting to be from customer service, government agencies, or other representatives. If you receive a website address via email or text message, don’t click on it directly; instead, type the source’s main web page in yourself to verify it’s legitimate.
Build up IT defenses to protect against spam, malware, spyware, viruses, and other cyber dangers.
No one tool can provide 100% security, but the right suite of software and hardware defenses can improve your chances of avoiding a scam. At CMIT Solutions, we offer multiple layers of protection for our clients’ data, devices, accounts, and online identities. Think of such a strategy as you would for the security of your home or place of business — the more layers you can surround yourself with, the safer you’ll be, especially with a trusted provider on your side.
Use strong, unique passwords for each and every website.
Gone are the days when “password123” would suffice across all of your accounts. In today’s cybersecurity landscape, long, unique passwords — think a combination of letters, numbers, and special characters — are critical. Cybercriminals count on people using the same password repeatedly, giving them access to multiple accounts if they can manage to steal one. Look into enterprise-level password management, two-factor authentication, and single sign-on if you’re particularly concerned about the safety of your data.
Back that data up remotely, redundantly, and reliably.
In the event of a virus infection, data breach, or other security compromise, the best protection is to have multiple backups of your data captured regularly and stored in different locations (some on-premises, some in the cloud) so you can restore it when and where needed.
Don’t wait for the worst-case scenario to strike before you take action. No matter the time of year and no matter the level of protection you have, hackers are always waiting to spring into action to steal personally identifiable information and the important business data it protects. Staying vigilant, training your employees to identify threats, and securing your technology are imperative, now and in 2018. Contact CMIT Solutions today to find out more.
Scam Email Examples
From: Idemitsu Kosan Co. Limited [firstname.lastname@example.org]
Sent: 12/11/2017 6:03 AM
Subject: Confidential_Memorandum of Understanding
I write to acknowledge receipt of your information. he management has reviewed your information and has decided that you will be our Account Receivable agent in North America. Attached is the contract agreement (Memorandum of Understanding) which defines our working relationship for your review and signature. Be informed that upon receipt of the signed contract agreement, we will notify our customers in the region of this development (i.e. an AR agent is available in their region for payment collection). Thus, all payments due to Idemitsu Kosan Co. Limited. will be made payable to you for onward remittance to us prior our instructions.
Please do acknowledge receipt of this mail and return a signed copy of the contract agreement to proceed immediately.
Tel: +81 3 4577 3964
Director of Representatives | United States and Canada
Idemitsu Kosan Co. Limited