IRS Fraud Alert Blog SANS Security Awareness

One of the most powerful ways you can engage your workforce with your security awareness program is not only help secure them at work but in their personal lives. When you can provide real value, they will listen. Tax season is a great opportunity. On 27 January tax payers in the United States can start filing their taxes. This also means cybercriminals can kick off their tax fraud campaigns. Tax fraud is when cybercriminals pretend to be a certain individual and submit a tax refund in that individual’s name. The IRS defines tax fraud as “when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.”

Unfortunately, many tax fraud victims do not learn that they are a victim until they file their own taxes, only to have the IRS respond that they cannot get a refund as that was already submitted. One of the key steps US taxpayers can do to protect themselves is file their taxes as soon as possible, before any cybercriminals do. As such, this is a great opportunity for you to explain to your workforce how to protect themselves, provide value, and reinforce some key security behaviors. For example, not only share with them how to protect themselves against tax fraud, but remind them about tax related phone call scams or phishing attacks. The IRS will never use email, phones or messaging to contact you, the only way the IRS will contact an individual is through paper mail. This type of messaging helps reinforce in your workforce the secure behaviors of identifying social engineering attacks, the very same type of attacks so common in the work place. Here is an example email you can consider sending out to your US workforce (I recommend coordinating this email with your HR first).

Example Email:


Folks, as you know tax season is upon us. US taxpayers are required to file their 2019 taxes by 15 April. What you may not know is as of 27 January, you can begin to file your taxes now. Human Resources will be sending out W2 forms to all employees and 1099 forms to all contractors by XXXX. To protect yourself against tax fraud, we recommend you file your taxes as soon as possible. In addition, remember this is the time of year when cybercriminals will try to scam you with tax-based attacks. Examples included cybercriminals calling you pretending they are the IRS and demanding you pay your taxes right away or they will arrest you. Or phishing emails explaining your taxes are overdue and you must go to a website or open an attachment to process your overdue taxes. Remember, any message that creates a strong sense of urgency is a big indicator of an attack. In addition, the IRS will never call or email you, the only way the IRS will reach out to you about any tax issues is by regular mail. To learn more about tax fraud and additional ways to protect yourself, we suggest the articles File Your Taxes Before Scammers Do It For You and the IRS’s website Taxpayer Guide to Identity Theft.

For any security related questions, reach out to XXXX or visit our security portal at XXXX.

Events like this are an amazing opportunity to not only engage your workforce but to reinforce key security behaviors. To learn more about building a mature awareness program, join us at the 7th annual Security Awareness Summit, the world’s largest gathering of security awareness professionals to network and learn from each other.