If you follow our Facebook and Twitter feeds then you’ve got a leg up—you know all about the growing phishing epidemic. Well-worded emails from supposed IRS workers or company execs have misled many a dutiful employee. We’ve warned about this scamming method in the past, and the widespread threat continues to morph.
The need for vigilance is vital. For while cybersecurity insurance could save you, circumstance is king. Your solid cybersecurity policy is just one piece of a comprehensive approach to protection. Here’s where being the boss means stepping up and taking care of business, from double-checking coverage limitations to educating employees. And we’re right here with you, ready to help. So are the IRS and others, offering tips and pointers galore, even establishing an awareness campaign. Let’s glean from their experience.
What to do if an employee receives a questionable email? Encourage them to pause and think, ask a supervisor’s opinion, and be ever wary. Even if the sender seems credible, they should just assume they’re being baited. A word of wisdom to business owners: to prevent legitimate requests from being stalled, set up a process by which identity can be confirmed, and share details with need-to-know employees.
One good plan deserves another. Encouraging executives to limit the scope and exposure of their personal data on social media and networking sites could be the wrench that ruins a phisher’s scheme. Add to that routine simulated phishing attacks and you’ll have a top-down awareness to be reckoned with.
But even though you’re on guard, the emails can still come. And when they seem to be from an entity like the IRS, special precaution is due. US-CERT has some great suggestions on how to handle:
Remember that the IRS is old-school, so even if the sender’s address and email body appear to be from the IRS, if you haven’t received snail-mail hardcopy, assume you’re being phished—don’t divulge any information. Keeping in mind that taxes cannot be filed on any IRS site and that any announcements will be made via their official website should act as a first line of defense against email tax scams.
Being armed with facts is key, because the specific, sneaky wording used may sound legit, even urgent. That’s why we’re duty-bound to emphasize the importance of employee education and training. While there’s no silver bullet to quell the tide of phishing attacks, supplying staff with facts, figures and real-life examples will go far toward fostering awareness and instilling best practices. Business owners are also afforded an opportunity to mold company culture: information sharing and incident reporting should always be encouraged, never feared. Company executives: you and your managers set the tone. Develop procedures by which suspicious correspondence can be reported, and encourage employee involvement.
What to do if you think you’ve been duped? Above and beyond checking the cybersecurity infrastructure you already have in place, US-CERT shares a few must-do’s:
Filing a complaint with the Internet Crime Complaint Center (IC3) isn’t a bad idea either. And while it’s surely a stressful time, the interim following a successful phishing attack can be seen as a valuable, teachable moment.
According to some experts, phishing is “cybercriminals’ next new favorite.” Basic facts of life in the cyber age, phishing and tax fraud affect individuals and businesses at an ever-increasing rate. So let’s use our combined knowledge this tax season to break the cybercrime cycle, making “security and protection just as important as receipts and deductions.” This is doable, and oh, so worth it.