IRS and FBI warn about business cyber scams that target COVID teleworkers

December 4, 2020

Among the many things COVID-19 has changed, possibly forever, is how and where we do our jobs. The work from home trend also has provided cyber criminals new ways to steal our identities and money — corporate cash, too — using telework security lapses and system flaws.

TGIF!

Yeah, workers still say this. However, there's a little less exultation in the announcement nowadays, what with many of us still working from home due to continuing coronavirus pandemic precautions.

Plus, COVID-19 means our prior welcome weekend happy hours now are via Zoom.

The work from home (WFH) shift also has created new scam and identity theft opportunities.

Now, instead of (or more likely, in addition to) focusing on company computer networks, crooks are going after all of us clicking away at computers in our makeshift home offices.

That's why on this final day of National Tax Security Awareness Week 2020, the fifth annual focus by the Internal Revenue Service and its Security Summit partners on ways to stop or at least slow tax-related crime, attention is given to ways crooks target tax professionals' businesses and their relocated employees.

"We've made tremendous progress in the past five years, but we still have work to do," said IRS Commissioner Chuck Rettig in this latest alert on potential telework scams. "The coronavirus and the increase in teleworking creates new ways for these sophisticated cybercriminals to scam people out of their money or their sensitive tax and financial information."

FBI warns of new email scamming technique: The IRS isn't the only federal agency concerned about such business-related schemes. The Federal Bureau of Investigation recently issued an alert about cyber criminals taking advantage of email auto-forwarding to increase their chances of success in Business Email Compromise (BEC) attacks.


In usual business email scams, online crooks spoof, or mimic, a legitimate email address. That makes the recipient think it's coming from within the business or from a client. The scammer's message typically is a request for payment, which the crook says can be made via wire transfer or gift card.

As the COVID-19 pandemic prompted a mass shift to telework, it created an associated increase of web-based email applications, notes the FBI. With that change of work procedures, cyber crooks began exploiting a weakness in some systems.

They implement auto-forwarding rules on victims' web-based email clients to conceal their activities. The web-based clients' forwarding rules often do not sync with the desktop client, making it more difficult for corporate cyber security administrators to see and catch the changes.

This leaves the employee and all connected networks vulnerable to cyber criminals, said the FBI in its Nov. 25 Private Industry Notification of how cyber criminals are adjusting to changed work situations during COVID-19.

"Even after a financial institution or law enforcement contact warns a victimized business of a potential BEC, a system audit may not identify the updated email rules if it does not audit both applications, increasing the time a cyber criminal can retain email access and continue BEC activity," said the nation's top law enforcement agency.

Recent, costly BEC: Cyber criminals then capitalize on this reduced visibility to increase their BEC schemes' success rates, which already have been pretty productive for the bad guys. The FBI's Internet Crime Complaint Center (IC3) reported that BEC schemes in 2019 resulted in fraudulent payments of more than $1.7 billion worldwide.

The criminal cost of BEC using auto-forwarding email rules was evident in August. That's when cybercriminals used the technique to attack the recently upgraded web client of a U.S.-based medical equipment company.

After the criminals gained access to the network, they impersonated a known international vendor and ended up stealing $175,000.

In another version of the scam, the IC3 in 2019 saw an increase in the number of business email complaints related to the diversion of payroll funds.

"In this type of scheme, a company's human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period," the FBI said. The requested change then routes the employee’s paycheck to a criminal.

Stopping work-related cyber crime: The FBI's cyber crime experts recommend a variety of ways to reduce the likelihood of these scams. They include:

  • being watchful for last-minute changes in established email account addresses,
  • checking email addresses for slight changes that can make fraudulent addresses appear legitimate,
  • enabling multifactor authentication for all email accounts and
  • prohibiting automatic forwarding of email to external addresses.
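One way to run the audit the FBI describes, checking the rules of both the web and desktop clients and flagging any that forward mail to external addresses. This is an added example, not code from the FBI, the IRS or this blog; the rule-export schema, the mailbox names and the `example-taxfirm.test` domain are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organisation's own mail domains.
INTERNAL_DOMAINS = {"example-taxfirm.test"}

# Constructed sample inventories, one export per client (hypothetical schema).
WEB_RULES = [
    {"mailbox": "payroll@example-taxfirm.test", "name": "sync",
     "forward_to": ["Archive <box77@mail-example.test>"]},
    {"mailbox": "alice@example-taxfirm.test", "name": "to assistant",
     "forward_to": ["bob@example-taxfirm.test"]},
]
DESKTOP_RULES = [
    {"mailbox": "alice@example-taxfirm.test", "name": "to assistant",
     "forward_to": ["bob@example-taxfirm.test"]},
]

def domain_of(address):
    """Lower-cased domain of an address, tolerating a display name."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def is_external(address, internal=INTERNAL_DOMAINS):
    """True unless the domain is an internal domain or a subdomain of one.
    Unparseable addresses come back as external, the conservative choice."""
    d = domain_of(address)
    return not any(d == i or d.endswith("." + i) for i in internal)

def audit(web_rules, desktop_rules, internal=INTERNAL_DOMAINS):
    """Return one finding per rule that forwards outside the organisation."""
    desktop_keys = {(r["mailbox"], r["name"]) for r in desktop_rules}
    findings = []
    for source, rules in (("web", web_rules), ("desktop", desktop_rules)):
        for r in rules:
            external = [a for a in r["forward_to"] if is_external(a, internal)]
            if not external:
                continue
            key = (r["mailbox"], r["name"])
            findings.append({
                "mailbox": r["mailbox"], "rule": r["name"], "source": source,
                "external_targets": [parseaddr(a)[1] for a in external],
                # A web-only rule is invisible to a desktop-only audit.
                "web_only": source == "web" and key not in desktop_keys,
            })
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_RULES, DESKTOP_RULES):
        print(finding)
```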

Phishing scams still predominant: Recent BEC schemes essentially are a type of phishing, which remains a primary way that crooks try to get cash as well as individuals' personal and financial information.


Phishing emails generally have an urgent message, such as "your account password expired." They direct you to an official-looking link or attachment. But the link may take you to a fake site made to appear like a trusted source, where it requests your username and password.

In other cases, a scam email has a link or attachment that contains malware. It then secretly downloads software that tracks keystrokes and allows thieves to eventually steal the victim's passwords.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about increased phishing scam activity.

The IRS often sees thieves posing as potential clients, trying to trick tax pros into opening an embedded link or attachment. Scams involving COVID-19 and the Economic Impact Payments also have been prevalent.

Tax protection suggestions: The IRS and Security Summit also offer what they have described as the Security Six measures to protect against cyber crimes, both in-office and where WFH employees are involved.

They are:

  1. Use anti-virus software and set it for automatic updates to keep your systems secure. This includes all digital products, computers and mobile phones.
  2. Use firewalls. Firewalls help shield computers from outside attacks but cannot protect systems in cases where users accidentally download malware, for example, from phishing email scams.
  3. Use multi-factor authentication to protect all online accounts, especially tax products, cloud software providers, email providers and social media.
  4. Back up sensitive files, especially client data, to secure external sources, such as an external hard drive or cloud storage.
  5. Encrypt data. Tax professionals should consider drive encryption products for full-drive encryption. This will encrypt all data.
  6. Use a Virtual Private Network (VPN) product. As more practitioners work remotely during the pandemic, a VPN is critical for secure connections.

A quick note here. These online security recommendations are not just for tax professionals. They can protect individual taxpayers, too.

Importance of virtual private networks: In its final Security Awareness tip this year, the IRS and Security Summit stress the use of VPNs for WFH employees.

A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the internet and the company network. As teleworking or working from home continues during COVID-19, VPNs are critical to protecting and securing internet connections.

Failing to use VPNs can increase the risk of remote takeovers by cyberthieves, giving criminals access to the tax professional's entire office network simply by accessing an employee's remote internet.

Tax professionals should seek out cybersecurity experts whenever possible to help establish secure in-house and telework systems. You also can search online using the term "Best VPNs" to find a legitimate vendor. Also check out major technology sites, which often provide lists of top services.

The bottom line is that workplace security, whether the work is being done from an office or from employees' homes, always has been critical to protecting tax professionals, their taxpayer clients and Uncle Sam from tax ID theft. The security focus is even more vital during this global medical crisis when more people are in unfamiliar work environments.

Wherever you are, on or off the timeclock, stay safe, stay secure, stay vigilant.
