Missouri State University

Skip to content Skip to navigation
a b c d e f g h i j k l m n o p q r s t u v w x y z

College of Business News

"Think Bigger and Bolder"

Bears Business Brief: How to be prepared for tax scams

May 16, 2016 by Mary Grace Phillips

By: Shannon McMurtrey

Shannon McMurtrey
Shannon McMurtrey

I absolutely love this time of the year.  The Ozarks really starts to come alive with the beauty that many of us have probably come to take for granted over the years. I love the colors, the return of spring rains, spring turkey season, all of the new life, and the return of Cardinals baseball!

One thing that I really do not love, however, is the return of tax scams.

Many in the Ozarks, and all over the United States, have discovered that fraudsters have filed fraudulent tax returns in their name. It is a sickening feeling to learn that a criminal has somehow obtained your Social Security number and filed a return in your name. It is natural to wonder how in the world they obtained your data.

Unfortunately, that is a very difficult question to answer. With what seems like a new data breach being announced almost daily, there are a lot of potential avenues for a criminal to get your data. The IRS recently renewed its consumer alert for email schemes, after observing an approximate 400 percent increase in phishing and malware incidents so far in 2016.

I have written in this column in the past about “phishing,” the practice of sending an email to someone in hopes of getting them to click on a link or send information that they shouldn’t be able to access. There is another term that we should all be familiar with, “spear-phishing.” In a “spear-phishing” attack, the email that is sent is very personalized with information that would appear to be known only by those closest to you — friends, family, vendors, etc.

“Spear phishing” is the root cause of some of the most damaging cyber attacks currently being experienced by businesses of all sizes, many of them right here in the Ozarks. A couple of new variations on spear phishing attacks are starting to show up in the form of W-2 related scams and ransomware attacks.

In the W-2 scam, an email is sent to a payroll or HR professional — an email that appears to come from a senior executive (often the CEO or CFO). Of course, the email has been spoofed, but it will appear to be real unless it’s examined very closely. The email will request that the payroll professional send the CEO the individual W-2s for all employees, with an earnings summary for review.

Another variation that has been seen just asks for an updated employee list with name, Social Security number, date of birth, home address and salary. Unfortunately, because the request appears to be from the boss, in many cases this information gets sent to the requester without any questions asked.

This scam is particularly effective this time of year and has unfortunately already claimed many victims. If you receive anything requesting sensitive information, you should be extremely careful and diligent in verifying the identity of the person making the request and your need to provide it.

It should also be noted that email is not, at all, a secure channel of communication. Strong encryption should always be used when sending sensitive information via email.

Another attack that is having a devastating effect on small businesses are ransomware attacks. Ransomware attacks are also often initiated via a spear phishing email. These attacks typically involve tricking the user into clicking on a link and/or downloading software.

The software contains malware that encrypts the user’s (or company’s) hard drive, locking up all of their sensitive files and making them unavailable. The only options to retrieve the files are to either pay the “ransom” (typically with bitcoin, which creates an entirely new set of headaches for the victim) or be willing to commit the resources/money/time it will take to remove the malware from the computer and restore the files from a backup. The latter is, by far, the superior option.

Exercising extreme care when clicking on links or installing software can prevent each of these types of attacks.

Mature organizations that have mature security processes in place better protect their corporate assets and, more importantly, their people (through effective controls and end-user education). Unfortunately, mature security operations are quite uncommon.

Most organizations lack the cybersecurity leadership needed to address these problems. This is evidenced by the more than 1 million unfilled cybersecurity positions, worldwide, that exist right now.

Until we, as a society, address this lack of cybersecurity leadership, we will continue to be plagued by these issues.

Shannon McMurtrey, Ph.D., is director of Missouri State University’s master’s program in cybersecurity, as well as program director for the master’s in computer information systems in the department of computer information systems. Email:shannonmcmurtrey@missouristate.edu.

This article appeared in the May 13th, 2016 edition of the News-Leader and can be accessed online here.

 

Filed Under: Bears Business Brief, College of Business, Uncategorized Tagged With: Shannon McMurtrey

Categories

  • Ad Team
  • Alumni Spotlight
  • BearBiz Newsletter
  • Bears Business Brief
  • COB Connection
  • COB Scholarships
  • College of Business
  • David D. Glass Distinguished Lecture Series
  • Executive Advisory Council
  • Faculty and Staff Spotlight
  • Fashion & Interior Design Department (see Merchandising and Fashion Design Department)
  • Featured
  • Finance and Risk Management
  • health administration
  • Homecoming
  • Information Technology
  • Information Technology and Cybersecurity
  • Management
  • Management and Information Technology
  • Marketing
  • MBA
  • Merchandising and Fashion Design Department
  • Online
  • School of Accountancy
  • Student Spotlight
  • Student Success
  • Technology & Construction Management
  • Uncategorized

Tags

accounting Ad Team AITP Alumni Spotlight Barry Cobb Bears Business Brief Beta Alpha Psi COB COB alumni COB Career Fair COB impact College of Business community engagement Computer Information Systems Cybersecurity David Meinert Enactus Entertainment Management Faculty Spotlight Fashion Fashion Design FID Finance Finance and General Business Glass Hall renovation Information Technology International Business Programs James Philpot Jeff Jones Kerri Tassin Les Heitger marketing Marketing Department MBA Rayanna Anderson Richard Ollis Risk Management and Insurance School of Accountancy Shannon McMurtrey Stephanie Bryant Student Spotlight Student Spotlight Study Away Technology and Construction Management Vickie Hicks

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Make your Missouri statementMake your Missouri statement
  • Last Modified: May 16, 2016
  • Accessibility
  • Disclaimer
  • Disclosures
  • EO/AA/M/F/Veterans/Disability/Sexual Orientation/Gender Identity
  • © 2013 Board of Governors, Missouri State University
  • Contact Information