Taxpayers and tax advisors are required to protect confidential information. At a certification body like GlobalSign, everything focuses on one goal - protecting identities. So when the tax return is due in the next few weeks, we are all too aware of how quickly fraudulent activities can make the submission period a nightmare.

Cybercriminals try almost everything to get personal information. Consumers should pay special attention to unexpected emails, text messages, social media posts or fake websites if they want to prevent valuable personal and financial information from falling into the wrong hands.

The aim of the attacks is either to withdraw funds or to carry out identity theft. Unknown links and attachments potentially contain malware, viruses, spyware, or other unwanted software that can be installed on computers or mobile phones. Once opened, they not only cause immediate damage but are also able to infect other files later.

According to the IRS, the situation could get worse. The period in which the tax return is due is particularly suitable for targeted fraud maneuvers. The addressees receive emails with a subject such as "Notice of outstanding income tax payment" or "Letter from the tax office". Such emails are often not personalized and begin with the generic "Dear taxpayer". For example, they contain officially effective attachments with the logos of the responsible authorities, but they contain malware. Cybercriminals lure with links that link to fake websites, complete with government or tax office logos. This is how criminals get their passwords and login details.

Tax advisors are also at risk and have a responsibility to their clients

Hackers, however, are not only targeting end-users. Tax advisors are also not safe from attempting fraud. At the beginning of this year.

Among them are several fake documents - such as a tax return, property statements, and a mortgage interest form. Once the recipient has activated the macros, the document is downloaded and a tool is known as "Remcos RAT" is installed on the computer. Remcos (Remote Control and Surveillance) is remote control tools that are freely available for purchase. The tool itself is legitimate and the original developers explicitly prohibit misuse. This hardly stops cybercriminals who promise additional profit.

If the RAT tool is installed, the attackers may have full access to all of the recipient's data - in this case, files with tax accounts. Effects that now affect many customers, even though only one computer was infected.

Whenever financial information is involved, caution should be exercised, but especially when tax returns are due. With growing problems such as phishing, customers should consider carefully whether they should better pass income tax information directly to the tax advisor rather than email it. If you submit the data online, it is better to do so directly on the respective page instead of clicking on a link in a document or an email. Research the website address carefully before submitting your data. This is the only way to know that the site is correct and legitimate, and therefore secure.

The tax office always contacts citizens first by post office, not by email. If you have not received a letter in the mail, it is unlikely that the e-mails in question came from the tax office.

Real support staff doesn't need access to your computer to get information or help you.

Always use a password manager instead of using the same password for multiple accounts.

Handle personal information with care. Only provide your social security number if necessary.

Check your credit information for dubious activity. Never throw away documents with confidential information, such as papers with social security numbers or account information. Always use a paper shredder for this.

• Prev
• Next