W-2 2017 form

One of the most powerful ways you can engage your workforce with your security awareness program is not only help secure them at work but in their personal lives. When you can provide real value, they will listen. An excellent example was the Equifax hack last September. By providing people actionable steps they could take to protect themselves as a result of the hack, you had an amazing opportunity to engage people about cyber security. Tax season is another great opportunity. On 29 January tax payers in the United States can start filing their taxes. This also means cyber criminals can kick off their tax fraud campaigns. Tax fraud is when cyber criminals pretend to be a certain individual and submit a tax refund in that individual’s name. The IRS defines tax fraud as “when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.” As a result of the Equifax hack, over 100 million US tax paying citizens are at risk.

Unfortunately, many tax fraud victims do not learn that they are a victim until they file their own taxes, only to have the IRS respond that they cannot get a refund as that was already submitted. One of the key steps US taxpayers can do to protect themselves is file their taxes as soon as possible, before any cyber criminals do. As such, this is a great opportunity for you to explain to your workforce how to protect themselves, provide value, and reinforce some key security behaviors. For example, not only share with them how to protect themselves with tax fraud, but remind them about tax related phone call scams or phishing attacks. This reinforces the secure behaviors of identifying social engineering attacks, the very same type of attacks so common in the work place. Here is an example email you can consider sending out to your US workforce (I recommend coordinating this email with your HR).

Example Email:

Hi,

Folks, as you know tax season is upon us. US taxpayers are required to file their 2017 taxes by Tuesday, 17 April. What you may not know is as of 29 January, you can begin to file your taxes now. Human Resources will be sending out W2 forms to all employees and 1099 forms to all contractors by XXXX. To protect yourself against tax fraud, we recommend you file your taxes as soon as possible. In addition, remember this is the time of year when cyber criminals will try to scam you with tax based attacks. Examples included cyber criminals calling you pretending they are the IRS and demanding you pay your taxes right away or they will arrest you. Or phishing emails explaining your taxes are overdue and you must go to a website or open an attachment to process your overdue taxes. Remember, any message that creates a strong sense of urgency is a big indicator of an attack. In addition, the IRS will never call or email you, the only way the IRS will reach out to you about any tax issues is by regular mail. To learn more about tax fraud and additional ways to protect yourself, we suggest the articles File Your Taxes Before Scammers Do It For You and the IRS’s website Taxpayer Guide to Identity Theft.

For any security related questions, reach out to XXXX or visit our security portal at XXXX.

Events like this are an amazing opportunity to not only engage your workforce but to reinforce key security behaviors. To learn more about building a mature awareness program, attend the 5th annual Security Awareness Summit 8/9 August in Charleston, SC, the world’s largest event for security awareness officers to network and learn from their peers.