The IRS projects that United States businesses will lose $27 billion due to tax scams this year. And with the 2022 tax season now underway, cybercriminals have already begun to intercept payments, redirect refunds, and cause general havoc amongst businesses. For organizations that want to get their affairs in order without unwittingly falling victim to a cyberattack, Rocket IT has compiled a few recommendations to minimize losses this tax season.
When Is the Deadline for Filing Taxes?
First and foremost, April 18, 2022 is the filing deadline for most small businesses, single-owner LLCs, freelancers, sole proprietorships, household employers, and C corporations. If your organization is classified as an S corporation or partnership, the filing deadline is March 15, 2022.
Each business type and state have different requirements and deadlines that affect how taxes are filed. Stay compliant by consulting with a trusted accountant or by visiting the IRS’ website.
Tax Season Scams to Know in 2022
With each tax season comes a slew of new phishing attacks, eager to trick you into sharing sensitive tax information. While ongoing security training and phishing testing can help your team avoid unnecessary losses, let’s say you want to know what 2022’s phishing trends look like at a glance.
Business Identity Theft
Thought of as a problem that only affects individuals, small businesses can also suffer from identity theft. In these scenarios, scammers typically send fake invoices that look as though they’re coming from real vendors. Should a business pay the fake invoice, scammers can then use that information to open lines of credit or steal employees’ tax refunds.
Fraudulent Phone Calls
In 2021, Americans received around 51 billion robocalls. And while the goal of these calls may vary, rest assured that tax season is sure to bring voicemails attempting to trick you out of money. If you happen to answer one of these calls and the voice on the other line insists that you pay a penalty fee, hang up immediately. The IRS will never call before sending you a physical notice in the mail.
Before clicking on any links or attachments within an email, check where it’s coming from. Oftentimes, scammers will conduct what is known as email spoofing. For example, while a real email from the IRS will have an @irs.gov domain, a spoofed email may have an alternate domain, like @irsrefund.com. In turn, clicking any items within a fraudulent email may install malware that can infect your computer. Even worse, if you happen to be on a company computer, this can allow some viruses to spread throughout an entire business network.
Impersonated Web Forms
Alternatively, rather than using malicious links to immediately install malware, a subsection of scammers are far more clever. In some fraudulent emails, scammers may direct you to a page that appears almost identical to the official IRS login screen. Unfortunately, if you don’t notice some subtle differences and enter your real account credentials, that information is immediately sent to the scammers in question. Therefore, it’s crucial to only visit sites that begin with www.irs.gov.
Cybersecurity Tips for the 2022 Tax Season
While the phishing trends listed above should help you navigate this tax season, for some businesses, taking immediate action can greatly mitigate the chances of a successful attack. In turn, here are some steps the IRS recommends taking right now.
Deploy These Security Measures
- Activate modern anti-virus software.
- Deploy a firewall.
- Use multi-factor authentication when it’s offered.
- Conduct regular backups.
- Encrypt your drives.
- Implement security training and phishing testing.
Recognize the Signs of Data Theft
- Keep an eye out for IRS letters about suspicious tax returns in employee names.
- Check with your tax professional to ensure they have not filed more returns than you submitted.
- Report any tax transcripts you did not request.
Create a Data Theft Recovery Plan
- If you believe your business and its employees are victims of a tax scam, contact a local IRS stakeholder liaison immediately.
- Once a liaison has been notified, sign a contract with a team of cybersecurity experts to recover data and ensure a similar experience does not repeat itself.
For organization without a team of cybersecurity experts on hand, Rocket IT works with businesses, municipalities, and nonprofits to protect their data year-round. For more information on how your organization can proactively mitigate this year’s tax risks and prepare a security strategy for the rest of 2022, give Rocket IT a call at 770-441-2520 or contact us using the form below.