The inability to spend big dollars on fraud protection and lack of resources has meant that small businesses are increasingly becoming the target of cyber criminals.
In the Australian Competition and Consumer Commission (ACCC) Targeting Scams report, phishing and identity theft were among the top three most reported scams in Australia in 2018, with identity theft totalling more than $1.4 million in losses. According to the report, the impact of identity theft is worsened by the time and effort it takes many Australians to recover their identity, rectify credit reports, and update (or get new) bank accounts and personal identification documents when compromised by scammers
Identity fraud on demand
Perhaps most notable is that an identity theft cycle can now be completed by an attacker without ever stepping foot outside or showing their face to another human via “identity fraud on demand,” a process by which a hacker can provide stolen/purchased identity information and receive an original image of a person holding a forged passport with matching picture/information and scans of the forged identity documents.
Various tax identity theft products and services on the dark web are becoming cheaper; sellers are working hard to differentiate themselves and their products; and new products are being developed to meet identity thieves’ demands, forming a living, breathing economy built to empower even entry-level hackers.
This evolution in tax fraud and tax identity theft is congruent to various dark web economies, including ransomware, has led to attackers constantly evolving their behaviours to “follow the money.”
Curbing tax fraud and identity theft stemming from the dark web can be a tough, if not impossible, task.
Six steps to prevent tax identity theft
Small businesses can take a few critical steps to strengthen their cyber hygiene and decrease their chances of becoming a victim. Here are my six top tips to avoid tax identity theft:
- Make sure to use a bank that offers multi-factor authentication for logins. It’s also a good practice to use Mozilla as your browser for any sensitive online activity.
- Use a password manager (locked by a master key that only you know) and do not save passwords in your browser.
- File your taxes as soon as possible. In the event someone does get a hold of your information and attempts to file a return in your name, the fraudulent return will be rejected if your return has already been submitted. (Another motivation to get those taxes in early!)
- Ignore the inclination to give your information away. If a website doesn’t have a legitimate need for personal information, don’t provide it. This can help limit future exposure.
- Never transfer money (via wire, electronic check, credit card, etc.) based on an email request you’re not expecting without directly authenticating the requestor via telephone or in person first.
- Putting a lock on (and/ or setting notifications for) your credit will also put an additional measure in place to monitor nefarious activity.
Of course, a hacker might find their way through, but the above tips will certainly help you to avoid a nasty incident happening. Tax fraud affects thousands of people every year. It is important to note that the theft of a tax return can empower a criminal to steal someone’s financial future, not just this year’s tax refund.
Tax information theft could easily extend to credit cards and home equity loan fraud, which could haunt a victim for decades. So make sure that you are doing all that you can to protect your tax identity.
Matt Bennett, Vice President – Asia Pacific Japan, Carbon Black
