There are two things that are unavoidable: death and taxes. Unfortunately, with the latter comes not only the hassle of filing the taxes but also in having to deal with the seasonal scams that seem to arrive in earnest. This year it is likely you’ve seen an increase in spoofed emails suggesting tax documents are ready for download via DocuSign, Dropbox, and WeTransfer.
None of these scams are new, and phishing emails using those notifications circulate with disturbing regularity, but this year it seems hackers and cyber criminals have doubled their efforts to make the emails seem all the more legitimate.
Along with those scams are the “tax refund” emails that claim to be your tax refund. In these cases users are asked to provide important details including social security numbers, addresses, and even bank account information – all of which is then quickly sold on the dark web.
“A few trends come together to keep the industry of cyber scams booming,” warned Jim Purtilo, associate professor of computer science at the University of Maryland.
The Cost of Convenience
There are two main reasons that these scams are unlikely to go away. First, people are lazy when it comes to security and as a result are all too quick to click on links. Then there is the fact that because of that, hackers find this an easy and effective scam.
With millions of emails sent out they only need to trick a few users.
“Obviously more businesses all the time rely on digital tools to serve customers, and for good reason,” Purtilo told ClearanceJobs. “These tools might offer convenience for customers, but also keep a business’s name in front of customer eyes, which is real branding value. Your prescription will be ready in 15 minutes! Time for pet’s next grooming, shall we schedule? Press 1 for your favorite meal to be ready for curbside pickup.”
Digitalization of Data
Another reason for the uptick in seasonal scams is that financial transactions have increased notably since the start of the pandemic just over a year ago.
“As upticks regarding scams around personal information are being reported, sadly, much of this can be attributed to the digitization of public records and other personal data such as home addresses, publicly disclosed salary information, title transfers, etc., being matched with hacked personal data such as a Social Security number,” noted Tom Garrubba, vice president and CISO (chief information security officer) at third party risk management firm Shared Assessments.
“The number of cases will continue to increase as the number of available targets posting such information online increases,” Garrubba told ClearanceJobs.
As noted, the pandemic has increased these activities with more individuals work from home, and are increasingly used to the flow of information via services such as WeTransfer. While the company has stepped up efforts that require the sender to enter a code – to avoid the use of someone else’s email address – it is still up to the receiver to check whether the transfer is legitimate.
These tools were meant to streamline the ability to share files, but it just opened new doors for cyber criminals in the process. It is up to the user not to become comfortable, and in the process relax their guard too much.
“The race to offer a richer suite of services is on, and this creates one of the security challenges,” explained Purtilo. “Consumers who are already used to brisk interaction with our digital appliances find ourselves performing more complex transactions on line as matter of routine. Sign the employment contract? There’s an app for that. Your doctor has an important private test result to share. Here’s the confirmation of your 401K transaction. Before we know it we’ve normalized this kind of activity on line too – it becomes way easier for people to click through such messages in a hurry.”
The problem is that technology for performing complex transactions has outpaced consumer experiences.
“We all know to be pretty skeptical about ordinary text messages and spam email, but how do most people tell what is the authentic tool for applying a digital signature to some important document, as opposed to malware manufactured to draw out our information,” Purtilo noted. “In reality, most people can’t tell the difference, but because digital mystique has normalized tech, we dive in anyway.”
It has also becoming increasingly easy for convincing tools to be created to scam users, and in many cases cyber criminals rely more on social engineering, and the aforementioned laziness than actually doing “hacking” of networks.
“Google tools are very productive for scammers,” admitted Purtilo. “When links embedded in a document go to Google materials, it has the aura of authenticity. Nobody in their right mind would click through to an active server page at some sketchy Moldovan site, but dress it up on a Google form to look like a party invitation and it is a different story. ”
Thus as long as scammers can find ways to lure consumers out of their digital comfort zones there will be victims. While identity theft can be mitigated for a clearance holder – as long as it wasn’t a case of complete financial irresponsibility, getting that defense in place takes a lot of time, lawyer fees, and many headaches. An ounce of prevention is worth a pound of cure for sure. So, be watchful in this tax season so you don’t have to deal with the aftermath.