Menu

Monthly Archives2016 February

Home / Blog
Hackers are Stealing Your Tax Returns

Hackers are Stealing Your Tax Returns

It’s tax season and cyber criminals are out in full force to steal your tax returns. This time last year, hackers stole $50 million from the Internal Revenue Service (IRS) through fradulent tax refunds, affecting 330,000 people. It’s no surprise that this January, the IRS was targeted by an automated cyber attack. Cyber criminals used stolen personal data from data breaches to create fake logins through the IRS Electronic Filing PINs. The IRS stated that they found unauthorized attemps to obtain Electronic Filing PINs for 464,000 Social Security numbers. The attackers tried to use malware to generate these fake identification numbers. Thankfully, the IRS was able to stop this attack before it affected anyone, however, it’s likely this won’t be the last attack.

“No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”

The numerous data breaches that have occurred in the past few years have given these cyber criminals plenty of data to use for identity theft. In 2015, health insurers like Excellus, Anthem, and CareFirst, were victims of huge data breaches. These data breaches affected tens of millions of people. Even the Office of Personnel Management was attacked, exposing 21.5 million U.S. government employees. From the sheer amount of data that is out there, it’s no surprise that hackers are using this data to file people’s taxes.

As reported in Forbes: “The trend is clear. Each year, the IRS publishes a list of its ‘Dirty Dozen’ tax scams. In 2011, just one involved some form of identity theft. This year no less than one-third were (identity theft-related) scams.”

For a cyber criminal, it takes very little work to secure a big payoff. All it takes is a name and Social Security number, stolen from one of the many data breaches that have occurred. These thieves file for taxes under the stolen identity and provide a fake address to send the refund to. By using their automated programs, they can scam easily and quickly.

How can you protect yourself? The best thing you can do is to file your taxes as early as possible! The more you delay, the more time you are allowing cyber criminals to steal your identity.

Consumers need to be alert to possible tax-related identity theft, especially if you’ve received a letter from the IRS stating you have been breached. The IRS has published 5 warning signs that everyone should be aware of.

1. More than one tax return was filed for you;
2. You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return;
3. IRS records indicate you received more wages than you actually earned or
4. Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.

Financial Services are Under Attack!

Hackers are consistently targeting the financial sector and our personal information is at risk more than ever before. Cyber crime is the number one threat we face according to the U.S. Intelligence Service and 39% of all cyber attacks affected financial institutions (PwC). Hackers target these financial service firms 300% more than businesses in other industries. (CDW Finance) These financial institutions include banks, mortgage lenders, insurance companies, investment firms, and wealth managers. Most people assume that their finances and data are kept safe. However, as we have seen over the past few years, this is no longer true. Hackers are becoming more and more sophisticated and sneaky, infiltrating themselves into even our most secure networks.

Many asset and wealth managers do not believe they are a target because they assume hackers are after higher profile organizations. However, this is not the case. Financial instituions are incredibly attractive to hackers and cyber criminals. According to Kroll’s Cyber Threat forecast these financial firms are an “attractive target as they typically hold volumes of valuable data which are often stored in an organized manner with little protection.”

Recently, the Securities and Exchange Commission (SEC) has listed cybersecurity as a top priority for 2016. At least 88% of broker-dealers and 74% of advisers have been the target of cyber attacks, the SEC stated earlier this February. The majority of these cyber attacks were done through fraudulent emails, some of which led to brokers losing more than $5,000, the report said. In one case, an adviser reported a loss of more than $75,000.

SEC Commissioner Luis Aguilar, stated that “cybersecurity is a persistent and growing threat, and that firms must take their cybersecurity duties seriously.”

The Financial Industry Regulatory Authority (FINRA), also issued their annual Regulatory and Examiniation Priorities Letter earlier this February which identified hacking as a major threat facing brokerages. These regulatory agencies are taking note of how financial institutions supervise their cybersecurity.

FINRA states that they “will review firms’ approaches to cybersecurity risk management, and depending on a firm’s business and risk profile, we will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training.”

There are many ways these cyber criminals attempt to steal money and data. One way is by contacting a wealth manager and pretending to be a client. They will claim they have been robbed and need a wire transfer immediately. Another popular scam is called social engineering. This type of scam is so popular that even the Director of the CIA fell for this last year. In this situation, the teenage hacker posed as a Verizon employee to gain sensitive information which allowed him access into the Director’s AOL account.

Social engineering refers to the concept of psychologically manipulating people in order to trick a person into revealing critical information. For example, tricking an employee into giving them accessibility whether it is a password or crucial banking information is very common. Human nature and trust feeds into this concept and cyber criminals are counting on this. There have even been reports of attractive women befriending IT security professionals, thereby gaining entry and infecting networks with malware.

By employing cybersecurity professionals, you as a business are making real steps toward protecting your business, your clients, your data, and more. Save yourself from being hit with fines and audits, otherwise the FTC will fine a company that has not sufficiently protected their data against a breach. The FTC will require a company to undergo 20 years of security audits if they are found negligent. Having firewalls and intrusion detection mechanisms in place to prohibit cyber criminals from gaining access to your network is key to avoiding the potential fallout you’ll have to deal with. Cybersecurity is a necessity and it is incredibly important for all businesses to take it seriously.

How can we help?

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for businesses starting as low as $199 per month. We realize that many organizations do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Cyber Criminals Are Now Targeting Your Kids

In today’s world, most parents are aware of the various predators that are out to harm their children. Now, parents can add cyber criminals to that list of concerns. While these criminals won’t physically harm your children, they can ruin your children’s credit and finances before they’ve even had a chance.

In 2015, 17.6 million Americans in the United States were victims of identity theft according to the Bureau of Justice Statistics. A majority of identity theft is due to data breaches committed by cyber criminals. The FBI ranks cybercrime as one of its top law enforcement priorities, and President Obama has recently proposed a $14 billion cybersecurity budget.

A data breach in November involving children’s toymaker, VTech, exposed 6.5 million children’s data. Approximately 3 million of those children were in the United States. The cost of VTech’s breach has reached approximately $116,000,000. Children are just as vulnerable to identity theft as adults. The fallout from data breaches affect so many individuals. Not only are the customers victim to having their personal information stolen, they also have to worry about their children’s personal information being compromised.

This past week, Wi-Fi-enabled toys from the Fisher Price line named ‘Smart Toy’, have been diagnosed with a security vulnerability, as well. Hackers had the ability to access children’s names, birthdays, gender, and more personal information. Fisher Price has since announced that this vulnerability has been remediated and no longer poses a problem. However, with the IoT (Internet of Things) well on it’s way and being implemeted into children’s toys, these security risks will only become more and more of an issue.

Can you imagine your child having an expensive utility bill in another state, or a drivers license, or even a foreclosed home in another state? It begs the question, when’s the last time you checked your children’s credit reports? It’s no surprise that these cyber criminals are interesed in stealing your children’s identity. You couldn’t ask for a better setup. What could possibly be better than a sparkling clean credit report for those criminals who want to start over financially?

Even worse, it can take years and years before you get any inkling of wrongdoing. More often than not, these cyber criminals are never caught. And the risk doesn’t decline after a few years because this is not something that just goes away. Social security numbers last a lifetime and identity theft for both adults and children is something that needs to be constantly monitored.

The youngest victim in identity theft was only five months old. A report done by Carnegie Mellon’s Cyber Lab, reported that out of the 40,000 children caught up in a data breach, 10.2% of those children had their Social Security numbers compromised. This statistic is 51x higher than the 0.2% of adults who were affected.

What can you do to help your child? The Federal Trade Commission (FTC) recommends looking out for the following scenarios.

1. Be turned down for government benefits because the benefits are being paid to another account using your child’s Social Security number.
2. Get a notice from the IRS saying the child didn’t pay income taxes, or that the child’s Social Security number was used on another tax return.
3. Get collection calls or bills for products or services you didn’t receive.
The majority of data breaches occur from cyber criminals who are hacking and phishing for data. Once that data is sold, you and your family are at risk for identity theft.

For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom