Phishing, spear phishing and whaling


The Internal Revenue Service (IRS) is conducting Nationwide Tax Forums, sponsored by the Security Summit, in five different cities this summer. The four remaining forums are July 30 in Orlando, Aug. 13 in Baltimore, Aug. 20 in Dallas and Sept. 10 in San Diego. Registration forms and deadlines are available on IRS.gov; the IRS notes that taxpayers and professional advisers are welcome to attend the forums, but it is expected that they will sell out.

The forums are designed to highlight the latest strategies of fraudsters. There is a specific focus on protecting tax preparers and their clients. The latest and most successful scams will be covered. Some of the scams to be aware of include:

Phishing/Smishing: Phishing emails or SMS/texts (known as "smishing") are common strategies for a fraudster. One method to increase the probability of success is to send phishing emails to several professionals in the same firm. This increases the likelihood that at least one individual will click on a link and download malware.

Spear Phishing: This is an email strategy known as a "lure." These scams are more difficult to identify. They single out an individual and attempt to craft an email that is especially likely to succeed. The scammer often claims to be a potential client. They may engage in a series of emails that appear to be a normal part of business. However, there eventually will be an email with a link to documents that supposedly have been requested by the tax professional. This link will download the malware.

Clone Phishing: The latest phishing scam involves hacking an email message from a client to the tax professional. Since a regular email is not encrypted or protected, a hacker may be able to intercept such an email. The scammer then re-sends the email and pretends to be the client. This makes the tax professional think the email is from their known client, increasing the likelihood that they click on a link and download malware. The malware enables the fraudster to use client data, file false returns and claim improper tax refunds.

Whaling: A whaling attack is similar to spear phishing. However, these attacks are focused on leaders of organizations or executives who have access to important business information. Whaling attacks will frequently target individuals in a finance or human relations office. The whaling email may claim to be from an officer or director of the organization and ask the finance or HR staff person for critical information.

The IRS warns professionals to be on the lookout for red flags or warning signs. If you receive an unexpected email or text that claims to come from a colleague, a bank, a credit card company or your tax software provider, check out the source before clicking on links or responding. A scammer may also decide to send a duplicate email that is very similar to an email you have just received from a trusted individual. The duplicate will contain an attachment or link that downloads the malware.

Another effective strategy for scammers is to claim urgency. They may indicate that your password to an important website has expired and must be renewed immediately. Finally, be careful if there is an email address that includes misspellings. Some scammers have been quite successful with email addresses that are identical, except for a "0" that replaces the "o" in the email address.
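One way to automate the misspelled-address check described above, as an added example that is not from the IRS or the original article. The trusted list, the addresses and the function names are constructed for illustration, and the substitution table goes beyond the "0" for "o" case to a few other common swaps.

```python
from email.utils import parseaddr

# Constructed list of known-good correspondents (assumption for this example).
TRUSTED = {"jordan.brown@example.com", "support@taxsoftware.example"}

# Look-alike characters folded to one form; extends the "0" for "o" case.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(address: str) -> str:
    """Lower-case the address and fold look-alike characters together."""
    return address.strip().lower().translate(CONFUSABLE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, trusted=TRUSTED):
    """Return (verdict, matched trusted address or None) for a From: header."""
    # The display name is ignored: only the real address is compared.
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in trusted:
        return ("trusted", addr)
    for known in trusted:
        if skeleton(addr) == skeleton(known):
            return ("lookalike-substitution", known)
    for known in trusted:
        if edit_distance(addr, known) <= 1:
            return ("lookalike-misspelling", known)
    return ("unknown", None)
```

A "trusted" verdict only means the address matches a known one; a re-sent copy of a real message, as in the clone phishing case above, still calls for checking the source before clicking.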

IRS Commissioner Danny Werfel notes, "There are major red flags that can be easily overlooked, so tax professionals and taxpayers should be extra careful and look closely when they receive an email from an official-looking source."

Tax preparers are reminded that they are required by the Federal Trade Commission to use multi-factor authentication for access to clients' personally identifiable information (PII). Professionals should develop a Written Information Security Plan (WISP). This plan will help protect your clients and yourself from fraudsters and scammers.
