1-866-245-5224 info@globallearningsystems.com
Menu
Sun, August 20, 2017 Twitter LinkedIn

Compliance Training Blog

Security is everyone's responsibility

Tax Scams & Identity Theft

As the filing deadline for taxes approaches Monday, businesses and individuals are both at a risk of fraudsters targeting them, posing as the Internal Revenue Service. Avoid being scammed out of your money and your identity this tax season by being aware of the types of scams used to target honest taxpayers.


Return Preparer Fraud

According to the IRS, while most tax professionals are honest, there are some who are not. These fraudsters set up shop with the intent to perpetrate refund fraud, identity theft, and other scams that affect taxpayers.

One scam that was used by clients of a Virginia tax preparer involved victims unknowingly signing phony Schedule C forms to claim business losses. The tax preparer had the refunds deposited into an account they controlled, and wrote a check to the taxpayers for a fraction of the amount.

Keep in mind that even when using a tax preparer, you, as the taxpayer, are legally responsible for making sure your return is filed completely and accurately. Follow these tips to stay protected:

  • Always shop around for a tax professional who has a positive history in the community. Referrals by satisfied friends, family or other business owners is typically a safe route to go.
  • If a tax preparer asks you to sign a blank return and promises a big refund before looking at your records, or charge fees based on a percentage of your refund, you should walk away immediately. Never sign a blank return, and negotiate a flat fee.
  • Check for a Tax Preparer Identification Number. The IRS issues these numbers to all paid preparers. A lack of a PTIN is a sign of a shady preparer.
  • Never agree to have your return deposited into an account controlled by the tax preparer. This is a very easy way for scammers to skim from your refund.

Tax Scams

Here are a few ways that scammers utilize tax season and the IRS to get key identifying information:

  • Scam phone calls are made impersonating IRS agents. This phishing technique intimidates victims into sharing business financial information such as employee I.D. numbers to use for illicit purposes. Threats like arrest and having your business license revoked are used.
  • Phishing emails leading you to phony websites are commonly used. Scam artists can design incredibly realistic-looking websites to steal your information. Additionally, criminals may send emails to the HR or accounting department pretending to be a top executive. They will ask for employee W-2 information and use the information to file false tax returns with your employees’ information.

How to Protect Your Business

It’s important to keep both your business and your employees protected from identity theft and tax scams. Here are some ways to do it:

Fake Charities

Small businesses often look to make charitable donations at year-end to lessen the amount of income tax they owe. Unfortunately, scammers take advantage of this fact and form fake organizations pretending to be real charities.

To protect your business, always take the time to check the status of a charitable organization before making a donation. Scam artists often choose names that are similar to real charities, so even if it sounds familiar, do your due diligence first.

Additional Resources:

Read More...

Top Cyber Security Threats As We Enter Q2 2016

According to a recent study released by ISACA and the RSA Conference, a whopping seventy-five percent of cyber security professionals expect to to fall victim to a cyber attack in 2016. As computer technology becomes more sophisticated, so do the techniques used by cyber criminals who target computer information systems, infrastructures, computer networks, and personal computer devices. 2015 saw a rise in the number of data breaches, with several large and well-known companies (as well as government offices) reporting that the personal information of their customers had been compromised. Social engineering attacks, where hackers convince employees to give them access to sensitive company data, was another area off attack in 2015.


In 2016, however, a whole new host of threats loom, and your organization needs to be vigilant and aware of these cybersecurity threats to stay protected. This is what you should be prepared for:

1. Extortion Hacks (and Ransomware)

Extortion hacks happen when cyber criminals gain access to computer systems and threaten to disclose sensitive data or cripple websites unless their victims pay hundreds or even thousands of dollars in ransom.

Threat Mitigation

  • Create file backups, data backups and backup bandwidth capabilities. This will help your company to retain its information in the event that an extortion occurs.
  • Combat ransomware the same way you combat malware – never click on untrusted or suspicious email or SMS links.

For more information see our blog post Ransomware: Who, What, When, Where, Why?

2. Data Sabotage

Data sabotage occurs when cyber criminals change or manipulate electronic information in order to compromise its integrity. Decision-making by senior government officials, corporate executives, investors or others will be severely impaired if they cannot trust the information they are receiving.

Threat Mitigation

  • Create a secure repository. Sensitive data should be stored in a manner that provides the owner complete control over who has access, and where they have to be to gain access.
  • Backup securely. It is absolutely essential that any system that is used to backup data do so in its encrypted form.

3. The Internet of Things

The Internet of Things (IoT) will become central to “land and expand” attacks in which hackers take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect. You can also expect to see worms and viruses designed specifically to attack IoT devices.

Threat Mitigation

  • Detect IoT devices on your networks. Iot devices can be detected through routine asset management or vulnerability scans. Any new device that doesn't match a known enterprise device profile could potentially be isolated and have its traffic redirected to a registration portal or network management system that automatically checks device security.
  • Devote more resources to secure development. For companies developing IoT devices this includes building security into device design and configuration.

For more information see our blog post How to Safely Use Devices & the Future of the Internet of Things (IoT).

4. More Backdoors

Backdoors are the hidden snippets of code that provide hackers with access to an account, a device, or even an entire computer or server without the knowledge of the owner. Cybercriminals commonly use malware to install backdoors, giving them remote administrative access to a system. Once an attacker has access to a system through a backdoor, they can potentially modify files, steal personal information, install unwanted software, and even take control of the entire computer.

Threat Mitigation

  • Don’t click. Never click on an email attachment or a link sent from people you don’t know and watch what you download from the web.
  • Be careful about which sites you visit. Less secure sites could contain a so-called “drive-by download”  which is able to install malware on your computer simply by visiting a compromised web page.

What else can you do to protect yourself?

Be prepared by educating yourself and your employees -- know what to expect. We at Global Learning Systems offer a wide variety of related offerings, ranging from 2 minute security shorts to full-fledged training courses on the topics covered here including:

  • Security Short: Ransomware
  • Security Short: The Human Firewall®
  • Best Practice Module: Securing Information at the Office
  • Best Practice Module: Browsing the Web Securely
  • Course: Security Awareness Essential Challenge


Contact us for more information.

Read More...
award Winner Two Years In A rowaward award award  

Award-winning Training for Powerful Results

Request a Demo