12 Apr Cyber Criminals Successfully Stealing Our Tax Refunds – Again!
Tax season is a very active time for cybercriminals. According to the IRS, the 2016 tax season experienced a 400% increase in tax related phishing and malware attacks. Both individuals and businesses have been victims.
In one instance, hackers accessed the data of up to 100,000 people through a federal tool that helps students get financial aid. The result? The IRS processed up to 8,000 fraudulent tax returns, with payments totaling $30 million dollars.
Enterprises have also been heavily targeted. We’ve recently seen cybercriminals posing as the CEO send emails to the company’s HR or finance department requesting copies of W-2 forms for all employees. Eager to respond to who they believe to be the CEO, HR and finance personnel are frequently succumbing to this phishing scam and transmitting the tax data to the imposter.
With the ever-increasing onslaught of cyberattacks, all businesses and organizations need to be vigilant in safeguarding the private information and tax data belonging to their employees. To carry out their nefarious deeds, cybercriminals typically steal personal information and tax data from business-owned databases. This is almost always accomplished by stealing legitimate user IDs and passwords from authorized employees, and using their accounts to access the data.
Deploying user and entity behavior analytics (UEBA) to detect when user credentials are stolen is a very effective way to thwart tax data theft from businesses and other organizations. UEBA detects when user accounts are involved in unauthorized or other anomalous behaviors, enabling administrators to shut down hackers early on in their attempt to steal tax data.