Scams exposed! The most deceptive tax season traps (2024) – CyberTalk

EXECUTIVE SUMMARY:

Cyber scammers love tax season. Emotions run high and it’s easy for scammers to prey on FUD (fear, uncertainty and doubt). In the U.S., almost everyone is petrified (and peeved) by the tax system’s complexity, discouraged by deceptive tax service providers, and perpetually uncertain about their calculations.

Then, of course, there’s also the possibility of owing a significant bill, of failing to receive funds, or of being unable to submit taxes on time due to technological failures. Given the anxiety-ridden and sometimes grueling nature of the tax return process, cyber scammers have a field day preying on people.

Whether you’ve been filing taxes for just five years or for fifty, you can fall victim to a tax season scam. This year, take care. Memorize the techniques employed in the most subtle and insidious scams and don’t forget to share insights with colleagues, family and friends:

IRS impersonation scams

1. Phone calls from the IRS. Scammers can spoof the IRS phone number, leading targets to believe that the IRS is on the line and that a legitimate IRS agent has a message for them.

Because no upstanding citizen wishes to deliberately flout the law or to ignore a call from an official agency, people are prone to providing ‘IRS agents’ with personal information — especially social security numbers.

2. Emails impersonating the IRS. Scammers send zillions of fake emails that appear to be from the IRS. Emails may display the IRS logo and otherwise look official. These emails ask for personal information or instruct people to input personal data into fake websites.

Last year, Americans lost $4.2 million to Internal Revenue Service (IRS) impersonators.

3. Account set-up assistance scams. Scammers sometimes chase vulnerable populations (the elderly, the differently-abled, the very young) to offer assistance with online account set-up. If you need assistance setting up an online account, contact the IRS directly.

Tax professional scams

4. Ghost tax preparers. Fraudulent tax preparers sometimes promise significant rebates or huge tax returns. However, their practices are illegal.

5. ‘I’ll help you negotiate a settlement’. Scammers may pose as helpful negotiators who can expeditiously resolve tax issues. Individuals who face mountains of debt may be tempted to talk to anyone who can ease the burden. While some scammers will prepare taxes for individuals, the red flag is that they won’t sign the taxes. Legitimate service providers will.

High-income filer scams

6. Charitable remainder annuity trust (CRAT) scams. These scams promise to eliminate ordinary income or capital gains tax on property sales. In essence, high-income individuals transfer assets into a trust, receive annuity payments and specify a charity as the ultimate beneficiary. While created as an altruistic mechanism for sharing wealth, scammers can manipulate situations and lead people to use CRATs as tax shelters.

7. Monetized installment sales scams. In these scams, fraudsters sell assets and assist individuals in deferring capital gains taxes. Legal grey areas are exploited and deals are structured in such a way as to fit the dictionary definition of tax evasion.

8. Captive insurance arrangements. High-income earners sometimes seek to reduce tax liability by developing their own insurance companies (captives). These are intended to insure risks related to a business, but there are ways in which scammers can abuse this structure for their own gain.

General scams

9. Tax refund accelerator scams. To execute these scams, fraudsters send personalized emails or share website details about a special service that promises to expedite the tax refund process, ensuring that consumers receive money faster than average.

Scammers manipulate people by emphasizing that the service is exclusive and only available for a limited length of time. Once victims provide personal details, the scammers disappear.

10. Unexpected calls from the Taxpayer Advocate Service. Although the Taxpayer Advocate Service is a legitimate IRS program, scammers may impersonate the group in order to gain a potential victim’s trust (and ultimately, their data, which can be used for multiple types of theft).

Another subtle sign of fraud…

Should you receive a notice about a “duplicate tax return” or a notice stating that additional taxes are owed, contact the IRS directly.

If you think that you’ve fallen for a tax scam…

If you think that you’ve become the victim of a tax scam in the U.S., reach out to the IRS immediately and report the scam to the Better Business Bureau.

Mastering the CISO role: Navigating the leadership landscape – CyberTalk

Cindi Carter, Field CISO West at Check Point, and Pete Nicoletti, Field CISO East at Check Point, recently advanced the following discussion at Check Point’s flagship event, CPX 2024.

The evolving CISO role is an important and interesting topic in cyber security, which is why we’re empowering you with foundational, value-driven perspectives here. Elevate your cyber security organization with first-hand guidance from those at the forefront of innovation and excellence.

In an age of digital transformation, the role of the Chief Information Security Officer (CISO) has undergone and is still undergoing a profound evolution. No longer confined to technical risk mitigation, today’s CISOs must be strategic business partners, skilled communicators, and catalysts of cultural change within their organizations.

A recent industry panel at the influential CPX 2024 conference in Las Vegas shed light on the shifting demands facing security leaders. As Dan Creed, CISO at Allegiant Travel Company, stated, “Ask SolarWinds what the consequences are…” for CISOs who fail to effectively communicate security priorities to the broader business.

The expanding attack surface

The root of this challenge lies in the expanding attack surface brought about by digital transformation. While past breaches often stemmed from vulnerabilities in corporate infrastructure, the greatest risks now emanate from employee devices and cloud-based services. As IT has transitioned from a cost center to a revenue driver, CISOs must integrate with lines of business and advise on strategic decisions.

IDC’s survey of 847 cyber security leaders reflects this shift, with only 12% citing technical skills as the most important CISO attribute. Instead, respondents highlighted leadership, team-building, and business management as the critical competencies.

“The consequence of not establishing those relationships [is] you get a culture at the company of ‘Well, it’s not my responsibility,’” one CISO warned, echoing the experiences of organizations like SolarWinds and MGM, where security lapses occurred due to a lack of security awareness and ownership among employees.

Fostering a security-aware culture

Successful CISOs are addressing the security awareness challenge by adopting a more user-centric approach, making security transparent and easy to use. As Pete Nicoletti, Field CISO at Check Point, explained, “Security should lubricate business and make it faster.” This could mean streamlining cumbersome VPN processes or transitioning to passwordless authentication.

Some CISOs are even experimenting with financial incentives, tying security culture metrics to bonus pools. “If your department does better, it increases your bonus pool above the norm […] and if you don’t, then it hits your bonus.”

Cultivating C-suite partnerships

CISOs must also cultivate stronger partnerships with their C-suite counterparts. IDC’s survey revealed discrepancies in how CISOs and CIOs perceive the CISO’s role, underscoring the need for better alignment.

Creed recounted a recent example where the Allegiant Travel board made decisions about connected aircraft without involving the CISO, leading to a last-minute “fire drill” to address cyber security requirements. “Do you think the board, when they first started talking of going down this path of ‘we’re going to expand the fleet’, considered that there might be security implications in that?” he asked.

Educating executives on security risks

To bridge this gap, CISOs must proactively educate executives on the business implications of security risks and advocate for a seat at the strategic decision-making table. As Russ Trainor, Senior Vice President of IT at the Denver Broncos, suggested, “Sometimes I’ll forward news of the breaches over to my CFO: here’s how much data was exfiltrated, here’s how much we think it cost. Those things tend to hit home.”

The evolving CISO role demands a delicate balance of technical expertise, business acumen, and communication prowess. CISOs who master these skills will not only mitigate cyber threats, but also position themselves as indispensable partners in driving their organizations’ digital transformation and growth.

“A lot of CISOs are rather gun-shy; hesitant to talk to the business about cyber security. Do better in trying to foster that human connection,” says CISO Cindi Carter.

The future of AI and ML (in 2024) – CyberTalk

EXECUTIVE SUMMARY:

In businesses everywhere, mention of Artificial Intelligence (AI) simultaneously evokes a sense of optimism, enthusiasm and skepticism, if not a certain degree of fear. The AI robots are about to take control of the…sorry, wrong article.

The future of AI and ML in 2024

The rapid advancement of artificial intelligence has led to its widespread integration across industries and ecosystems, including those belonging to both cyber adversaries and cyber defenders.

Hackers hope to get a handle on AI in order to launch new threats at speed and scale. According to experts, adversarial plans likely include phishing initiatives with ransomware payloads, deepfake scams that deceive executives, and malware scripts that are rewrites of existing threats, enabling the code to evade detection.

“Next year we’ll see more threat actors adopt AI to accelerate and expand every aspect of their toolkit,” says Check Point Threat Intelligence Group Manager, Sergey Shykevich.

AI as a double-edged sword

However, although hackers aim to use AI maliciously, AI is a double-edged sword, and research indicates that it will serve as a valuable force-multiplier for cyber security professionals in 2024 (and beyond). It will continue to transform threat identification, enhance organizations’ security posture, and lead to a safer cyber ecosystem across industries.

“Just as we have seen cyber criminals tap into the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cyber security, and that will continue as more companies look to guard against advanced threats,” says Shykevich.

The key is leveraging AI’s strengths to counter its own weaknesses.

Leveraging AI’s strengths

Among cyber security professionals, artificial intelligence is often used at the “identification” stage of the SANS Institute’s well-known incident response framework. In other words, AI can help identify incidents in minutes, rather than in hours or days. AI can quickly parse through immense volumes of data to isolate patterns that point to the source and scope of a threat.

A truncated incident identification timeline can lead to faster breach containment, saving organizations on costs. The Cost of a Data Breach 2023 global survey has found that use of AI can speed up breach containment by 100 days (on average), and that AI and automation have delivered cost savings of nearly $1.8 million for individual organizations.

“In the coming year, we must innovate faster than the threats we face to stay one step ahead. Let’s harness the full potential of AI for cybersecurity,” says Shykevich.

Enhancing cyber security posture

Because AI can learn from past threats, it can vastly improve threat detection capabilities and so bolster an organization’s overall security posture. Using historical data, machine learning algorithms can track patterns and actually develop adaptive, new threat detection methods, making cyber breaches more difficult for adversaries to execute over the long term.

AI can also automate repetitive tasks, eliminating human error and enabling humans to take on higher-level work. Beyond that, AI can improve the accuracy of decision-making, elevating the competence levels of cyber security teams.

All of these actions, among others, enable AI-powered solutions (and AI-focused security staff) to protect people, processes and technologies better than otherwise possible via traditional cyber security tools. AI is becoming and will continue to establish itself as an invaluable asset within the cyber security landscape.

That said, “In general, while organizations have found that AI is sexy, that doesn’t mean that we need to use AI everywhere. We need to be careful. We need to use it when it’s relevant, and not when it’s irrelevant,” cautions Check Point’s Global CISO emeritus and Field CISO for the EMEA region, Jonathan Fischbein.

A safer cyber ecosystem at large

AI-based cyber security solutions are becoming increasingly critical components of cyber security stacks, and they’re not only strengthening individual organizations’ security – they’re able to help strengthen third-party security, ultimately strengthening the security of the supply chain and that of industry ecosystems at large.

Policy makers around the world are convening to address the risks associated with AI and automated systems, working to ensure the security of divergent industries – from critical infrastructure to healthcare – and protection for those whom they serve. “There have been significant steps in Europe and the US in regulating the use of AI,” says Shykevich.

AI is fostering new types of partnerships between humans and machines, which allow for outsized cyber security outcomes – ones that amount to more than the sum of their parts.

Rapid change and growth

In the next few months, industry analysts anticipate continued evolution of AI-based cyber security capabilities, along with creative new use-cases for corresponding applications and code.

AI’s meteoric rise across the past decade, which has massively accelerated within the past year, signals its incredible potential to reshape the cyber landscape. Despite some degree of risk, artificial intelligence presents promise and hope for digital security like never before.
