As a business owner, consider the internet the “wild west” of technology. Especially in the digital age, creating an online footprint is nearly unavoidable and leaves you susceptible to risks—including fraud that can manifest in various forms. As tax season approaches, scammers will run rampant in an attempt to steal your sensitive information, robbing you of your money and autonomy. Knowing how to better protect your business during tax season is crucial, especially since you have so much on the line every year.
Wondering how you can combat these threats to your business? Follow our best practices for staying guarded to prevent fraud. After all, wouldn’t you rather be safe than sorry?
Know The Facts on the IRS
If you’re a business owner/taxpayer, you must have a defensive approach and assume that you’re a target for scammers. Inform everyone on your team that identity thieves are known to impersonate the IRS by phone, email, or even in person—especially during the first quarter of the year.
The IRS initiates most contact with taxpayers through regular (snail) mail delivered by the U.S. Postal Service. However, there are unique scenarios in which the IRS will call or come to a business, such as:
- When a taxpayer has an overdue tax bill
- To secure a delinquent tax return or a delinquent employment tax payment
- To tour a business, potentially as part of an audit or during criminal investigations
Despite these unique scenarios, taxpayers generally receive an initial letter or multiple notices from the IRS in the mail. It’s important to note that The IRS does not utilize email, text messages, or social media to discuss tax debts or refunds with taxpayers.
Here are some important tips for you to keep in mind to avoid scams:
Be Skeptical of Phishy Emails
Recent surveys reveal that in the third quarter of 2022, a new record of 1,270,883 total phishing attacks took place—the worst quarter for phishing that the Anti-Phishing Working Group has ever observed. With phishing attacks higher than ever, your cybersecurity is paramount to the health of your business.
Here are some general tips to spot phishing:
- If the email message is sent from a public domain, it’s probably a scam. Most legitimate organizations (with the exception of small businesses) will not send emails from an address that ends in “@gmail.com.” Check that the domain name matches the apparent sender. If the email is sent from an address that isn’t affiliated with the alleged sender, it’s safe to assume it’s a scam.
- The email address is misspelled. Did you know that anyone can buy a domain name from a registrar? Despite the fact that every domain name is unique, there are multiple methods to create addresses that are indistinguishable from the one that’s being spoofed. Don’t gloss over the details, always check the spelling of the email address!
- There are errors in the email. As mentioned above, read suspicious emails carefully before clicking on any links or attachments. This could send your information into danger.
- The email is written with a sense of urgency. Most scammers will use scare tactics to push you to click on their links or attachments before having a second thought. These attachments can contain malware and will cost you a pretty penny to get your information back.
Once you have identified the phishing attack, be sure to report the message, then delete it! For more extensive information, check out our email phishing training & analysis tool with PII Protect.
Beware of Vishing
Vishing (also known as voice phishing) is a cybercrime that utilizes phony phone calls to steal personal confidential information from victims. Cybercriminals will use social engineering tactics to convince victims to act from a sense of urgency and ultimately give up private information and access to bank accounts.
Usually, cybercriminals will research their victims and send them phishing emails. In hopes of getting a response, they will provide a phone number to call. These criminals also use specialized software to call multiple people using a phone number that has the same area code as the victims.
To prevent becoming a victim of phishing, take caution when answering the phone with an unfamiliar caller. Do not answer questions about your personal information, workplace, or home address. To take additional action, you can register your number with the Do Not Call Registry.
Practice Safe Internet Use
Be intentional about privacy when surfing the web. One of the best solutions to consider is a virtual private network (VPN). By implementing a VPN solution, you can improve the security and privacy of your devices even while out of the office.
Additionally, you should periodically check that your antivirus and anti-spyware software is up to date.
Track Password Management
When you’re running a business, it can be challenging to keep track of all your passwords. Point blank—password management is imperative to protecting your digital identity.
Password managers are great tools for keeping all your ducks in a row. A password manager is typically an encrypted, cloud-based storage service that will store your logins, passwords, security questions, credit card information, personal notes, and tax identification information. It often will generate strong and unique passwords to add to your virtual security. Often these services will accommodate multiple platforms (PCs, Smartphones, Tablets, Browser Extensions, Etc.) with a master password.
Remember to use password managers with caution. There are some risks in storing all of your logins and passwords in one place, but picking a service with encryption and even multiple types of encryption will help to mitigate the risk.
A great rule of thumb is to change your master password every 30-90 days. For another layer of protection, consider implementing multi-factor authentication, where additional credentials are required in order to access sensitive data.
Combat Threats and Prevent Fraud with Exact IT
Ease your IT concerns when you work with Exact IT Consulting. We offer a comprehensive suite of proactive and innovative technology solutions that can help you make strategic, long-term IT decisions that will positively impact your organization.
