As tax season looms, so do phishing scams. For cybercriminals, this is the ideal time of year to deceive unsuspecting individuals into releasing sensitive private or company information. Businesses must therefore take extra precautions between now and April 30th to keep hackers from selling their confidential data on the dark web.
Phishing baits to watch out for
Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they're from an executive in your company. The message might contain a request to forward employee records, including their T4s, but that’s not all...
Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person claiming to be a CRA employee. And no, caller ID won’t save you, because scammers can forge that, too. The phisher will inform you that you owe back taxes and will threaten legal action if you don’t pay by credit card on the spot.
Always remember, the CRA will never contact you by phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. They also don't accept Bitcoin or Apple gift cards as forms of payment! If the CRA needs to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.
Standard protection protocols
Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans requesting private details by email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.
Taking security a step further
Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Insurance Numbers, and stop them from being sent out.
But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your accountant. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.
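To make the trade-off concrete, here is an added example (not code from any particular DLP product) of an outbound rule that looks for Social Insurance Numbers, uses the Luhn checksum that valid SINs satisfy to cut false positives, and lets approved recipients through with an audit record. The recipient addresses, the allow-list and the sample messages are assumptions constructed for illustration.

```python
import re

# Nine digits, optionally grouped 3-3-3 with spaces or hyphens, not embedded
# in a longer digit run (so 10-digit phone numbers do not match).
SIN_PATTERN = re.compile(r"(?<!\d)(\d{3})[ -]?(\d{3})[ -]?(\d{3})(?!\d)")

# Assumption: hypothetical allow-list of approved external recipients.
APPROVED_RECIPIENTS = {"accountant@example-cpa.test"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which valid SINs satisfy; rejects most random 9-digit IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sins(text: str) -> list[str]:
    """Return masked SIN candidates so the detector never re-logs the full number."""
    hits = []
    for m in SIN_PATTERN.finditer(text):
        digits = "".join(m.groups())
        if digits != "000000000" and luhn_valid(digits):
            hits.append("***-***-" + digits[-3:])
    return hits


def evaluate_outbound(recipient: str, body: str) -> str:
    """Decide what to do with one outbound message."""
    if not find_sins(body):
        return "allow"
    if recipient.lower() in APPROVED_RECIPIENTS:
        return "allow-logged"   # legitimate tax traffic: deliver, keep an audit record
    return "block"


# Constructed sample messages; 046-454-286 is a constructed value that passes the checksum.
SAMPLES = [
    ("ceo@lookalike-corp.test", "Per your request, Jane's SIN is 046-454-286."),
    ("accountant@example-cpa.test", "T4 data attached, SIN 046 454 286."),
    ("supplier@vendor.test", "Re: order 123456789, call 416-555-0123."),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLES:
        print(rcpt, evaluate_outbound(rcpt, body), find_sins(body))
```

The third sample shows why the checksum matters: a nine-digit order number and a phone number pass through without tripping the rule, while the spoofed-executive request is stopped.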
Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about them. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.