| |||
News EssentialsThe Newsroom TopicsIRS Resources | Issue Number: IR-2024-128Inside This IssueNational Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers WASHINGTON — As National Small Business Week continues, the Internal Revenue Service urges entrepreneurs to put in place data security safeguards protecting their financial, personal and employee information from scams and cybercriminals hunting for easy targets. The IRS continues to see instances where small businesses and others face a variety of financial and identity theft related schemes that try to obtain information that can be used to file fake small business tax returns, rob business bank accounts and create stolen identities. For example, "phishing" and "spearphishing" scams continue to target small businesses as well as tax professionals and individual taxpayers. Small businesses continue to be targets of Form W-2 scams where identity thieves try to trick company leaders into sharing sensitive data. "Each year, the IRS sees thousands of attempts trying to attack small business owners and other taxpayers. Those who are victimized by these schemes can see serious financial consequences," said IRS Commissioner Danny Werfel. "Cybercriminals are relentless, and anyone can be a target. The best way business owners and individuals can protect themselves is to stay well informed on the latest scams, continuously protect their computers and smart phones and install data security at home and in the business to protect sensitive information." Cybercriminals never sleep Data theft and cyberattacks are global threats that can use scams and fraud schemes to victimize individuals and small businesses any time of the day or night. Cybercriminals are pros at covering their tracks and can be hiding anywhere in the world. They use patterns of human behavior and computer systems to steal financial and personal information and snag victims. If small businesses don't properly protect their computer systems and train their staff on smart data protection practices, owners become easy targets for bad actors looking to break into bank accounts, steal identities or gain access to other sensitive financial or personal information. The IRS urges the small business community to stay on guard against cybercrime and to understand how important it is to safeguard their business data against identity theft. They should employ robust technology tools and services to rigorously safeguard financial and trade information, as well as protect data directly connected to customers, employees and business partners. Cybercriminals are constantly looking for weaknesses to exploit. By implementing basic cybersecurity measures and training employees, small business owners can significantly reduce their risk of a costly attack. These attacks can target a business's most valuable data, including:
Taking basic cybersecurity steps early and staying vigilant, armed with information about the latest scams, will help safeguard entrepreneurs' business investments, customers and employees. How fraudsters target victims: scams, scams and more scams Fraudsters and cybercriminals are clever manipulators of human behavior. They use a potential victim's natural desire to socially interact and communicate with others as an open door to attempt data and identity theft. Using common technologies like email, texting and social media, fraudsters go "phishing" by sending messages to thousands of targets at once that are designed to steal personal information directly, or by getting the victim to click on an embedded link or attachment. Using email as a method to manipulate behavior through "phishing" remains a timeless tactic by thieves hunting for potential victims. Small businesses should remain vigilant against tax-related "phishing" email scams, which can often be cleverly written to fool employees into opening harmful embedded links or attachments. Small businesses and consumers are encouraged to send IRS-related scams to phishing@irs.gov. One such example is the Form W-2 theft scheme. While versions of these scams evolve and change over time, in the most common version, a thief poses as a high-ranking company executive who emails payroll employees and asks for a list of employees and their W-2s, which contain sensitive tax and financial data. As these scams become more sophisticated, small businesses may not be aware they've been the victim of a tax scam until fraudulent tax returns begin appearing with employees' names. There are special reporting procedures for employers who experience the W-2 scam. Visit Identity Theft Central's business section for additional information. The Dirty Dozen The IRS publishes the Dirty Dozen yearly, a list of prevalent scams and fraudulent schemes that threaten small businesses and other taxpayers. These threats include unscrupulous and aggressive promoters of questionable claims for the Employee Retention Credit (ERC). These questionable ERC claims often put unsuspecting businesses and other entities in jeopardy of penalties, interest and potentially even criminal prosecution for claiming the ERC when they don't qualify and aren't entitled to it. The Dirty Dozen also provides information on what to do if an individual or small business owner suspects they may be a possible victim. For example, businesses still have an option to pull back on any unprocessed questionable ERC claims and should quickly pursue the claim withdrawal process for any tax period that hasn't been paid yet. Business owners can use the Dirty Dozen as a starting place for their own research on popular scams from other trusted sources. One of the most egregious scams reported by the Dirty Dozen currently impacting small businesses is the "New Client" "spearphishing" scam. Spearfishing targets specific individuals, organizations or businesses with malicious emails or text messages. In the "New Client" scam, cybercriminals present themselves as a new, potential client to a known tax professional or business owner, asking them to respond to their emails. If the unwitting preparer or business owner responds, the criminal then sends a malicious attachment or website address that can compromise the victim's computer systems and allows the attacker to access sensitive customer and financial information. Here are some red flags for which to watch out:
By staying alert and understanding these tactics, small business owners can protect themselves and their customers from falling victim to the "New Client" scam. It's always better to be cautious than compromised. Don't be an easy target, learn cybersecurity basics Small business owners are strongly encouraged to learn as much as possible about cybersecurity best practices, even when day-to-day information technology protection is outsourced. The IRS recommends business owners implement the Best Practices published by the U.S. Federal Trade Commission. Many will be familiar, common-sense habits and techniques, but don't take them for granted. What works at home, also works for businesses. Protect business files and devices:
Protect the business wireless network:
Make smart security "business as usual:"
More information on how business owners can protect their investments, customers and employees from cybercriminals is available at FTC's Cybersecurity for Small businesses. What to do next if a small business is a victim of identity theft The IRS has also published Form 14039-B, Business Identity Theft Affidavit, allowing small businesses to proactively report possible identity theft to the IRS when, for example, an e-filed tax return is rejected. Small businesses should file Form 14039-B if they receive a:
If a small business owner has been targeted by tax fraud, the IRS offers Form 14039-B to help resolve the issue quickly. This form allows the IRS to streamline communication and work faster to fix the problem. However, small businesses should not use Form 14039-B if they are the victims of a data breach with no tax-related impact. See Identity Theft Central's businesses section for more details. The IRS also urges small business owners to keep their Employer Identification Number (EIN) application information current. Changes of address or responsible party may be reported using Form 8822-B, Change of Address or Responsible Party - Business. Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues. Report spearphishing and other scams Business owners should report scams immediately by sending the suspicious email or a copy of the text message as an attachment to phishing@irs.gov. The report should include the sender's email address, the caller's phone number, date, time and the phone number or email address that received the message. The Report phishing and online scams page at IRS.gov provides more information on what to look out for and how to report phishing and scams. Taxpayers can also report scams to the Treasury Inspector General for Tax Administration or the Internet Crime Complaint Center. Another useful tool is the Federal Communications Commission's Smartphone Security Checker. And depending on the scam in question, business owners and individuals may also send the information to the IRS Whistleblower Office for a possible monetary award. Reporting scams helps identify new emerging threats. The Office of Fraud Enforcement's Emerging Threat Mitigation Team partners with internal and external stakeholders to identify and mitigate threats to tax administration. To report abusive promoters and preparers, complete the online Form 14242 – Report Suspected Abusive Tax Promotions or Preparers, or mail or fax a completed Form 14242 and any supporting material to the IRS Lead Development Center in the Office of Promoter Investigations. Mail: Internal Revenue Service Lead Development Center Stop MS5040 24000 Avila Road Laguna Niguel, California 92677 3405 Fax: 877-477-9135 Taxpayers and tax professionals can also submit this information to the IRS Whistleblower Office, where they may be eligible for an award. For details, please refer to the sections on Abusive tax schemes and abusive tax return preparers. For more information on a broader range of topics and answers to small business tax questions, please visit IRS.gov.
Thank you for subscribing to the IRS Newswire, an IRS e-mail service. If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe. This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message. |
Wednesday, May 1, 2024
IR-2024-128: National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment