Accounting & Financial Services from the Garden Route to the Cloud

Home » Blog
Tax Season, Accounting Service, Bookkeeping Service

Tax season 2022: Beware

While this is written in the USA, we can also face the same problems in South Africa now with our Tax season opening in July. As people get ready to file their taxes in many parts of the world, cybercriminals are getting ready too. Tax-return time is open season for cybercrime, and it’s likely to be worse this year because so many people are still working from home on various devices connected to unsecured networks.  

Although cybercriminals use other sophisticated tactics to steal information, social engineering scams are low-hanging fruit, especially during tax season.  

Fortunately, everybody can take steps to avoid falling victim to a social engineering scam. 

Watch out for these social engineering attacks during tax season 

Cybercriminals are out in force, eager to prey on the stress and uncertainty surrounding tax season. Attacks may take the form of phishing email campaigns or phone calls from people claiming to be from SARS or a collection agency. To appear legitimate, scammers may use stolen data with personal information, such as Social Security numbers. 

Cybercriminals use a “spray and pray” model for phishing campaigns. They send thousands of emails, hoping that at least one person will fall victim to the attack. Spear-phishing attacks are a targeted form of phishing that can be more difficult to detect because the emails are personalized to appear as if they were sent by someone the recipient knows.  

In the past, spear phishing was challenging to implement, but now some advanced cybercriminals use machine learning and artificial intelligence to execute these attacks more efficiently. 

Who is the most vulnerable to social engineering attacks during tax season? 

During tax season, the prime targets for tax refund scams are employees due their first tax refund , small business owners, new taxpayers under the age of 25, and older taxpayers over 60.  

Cybercriminals assume these people may be less informed about tax policies and what to expect, so they may be more vulnerable to emotional manipulation. For example, the scammer may claim that the potential victim has missed an important tax deadline and pressure the victim to act quickly. 

How to protect yourself against tax refund scams in this tax season 

If you know what to look for and how to handle suspect emails or phone calls, you can avoid becoming a victim of tax season social engineering attacks. Here are a few tips for effectively defending against social engineering attacks: 

  • Look for grammatical issues and typos. Often, phishing emails contain errors that are easy to spot. If a message includes several spelling or grammar errors, odds are good that it is not legitimate. 
  • Be skeptical. Always consider any unexpected emails or phone calls claiming to be from SARS or other governmental agencies to be suspect. If you are concerned about the legitimacy of a sender or caller, don’t give the person any information. Instead, contact SARS or governmental agency directly to verify the caller’s identity. 
  • Don’t share personal information. Don’t give out your identity number or credit card information over the phone or via email. Scammers may pressure you to do so and try to convince you that something terrible will happen if you don’t act immediately. Hang up or delete the email. 
  • Warn family and friends who may be vulnerable to attacks. Share cybersecurity information with others and encourage them to get educated. The Fortinet NSE Training Institute offers cybersecurity awareness training that covers key cybersecurity terms, the motivations behind cybercrime, attack methods, and protection tactics. 
  • Use technology to help prevent attacks. Secure email gateway (SEG) solutions to protect all inbound and outbound email traffic. Use an advanced endpoint protection solution with a built-in VPN client and zero-trust network access. It connects an endpoint such as a laptop with the Security Fabric and delivers integrated endpoint and network security. 

Knowing what is and isn’t normal communication from SARS or equivalent is critical, particularly during tax season. 

Educate yourself and stay safe during tax season 

Although tax-return season can be stressful, knowing the signs of a social engineering attack can keep you from becoming a victim. By learning how the SARS contacts individuals, what constitutes a legitimate message, and what information should be provided, you can stay ahead of cybercriminals and keep your data out of their hands.