The warning follows several incidents in which hackers sent company officials what appeared to be legitimate requests for copies of their workers’ W-2s. Renovate America, a solar financing company in Rancho Bernardo, inadvertently gave a hacker sensitive tax information for about 800 current and former employees. Such “phishing” attacks are increasing — and can be avoided, said Kevin O’Brien, chief executive of GreatHorn, a Boston-based security company. O’Brien discussed the problem and what to do about it during an interview with The San Diego Union-Tribune.
If you read the IRS’ advice, it’s largely about what to do when a business user recognizes one of these attacks. Sadly, relying on folks who are just doing their jobs — and who are likely under pressure as tax season rolls around — to somehow identify sophisticated spoofing attacks and then flag them is a fool’s errand. The reality is that even with strong, foundational security in place, nearly 1 percent of all emails that get around existing security tools businesses invest in have indicators of fraud within them. That sounds small until you realize that by the end of this year, over 132 billion emails will be sent every single day. That’s a lot of malicious messages that could trick someone into giving up your family’s most private data.