Spear-Phishing Gets Taxing!

As this year’s tax season picks up steam, hackers are increasingly looking to crack the IRS code. And we’re not talking about the volumes of arcane rules and regulations that accountants and others pore over every single day.

Over the last few weeks, a number of companies—including Seagate, Snapchat and SevOne—have succumbed to spear-phishing attacks aimed at tax data. The latest victim was payday lending firm Moneytree, which reportedly handed over Social Security numbers, home addresses and W-2 information for about 1,200 employees.

The IRS has issued a special bulletin alerting payroll and HR professionals about the scheme, which makes it appear that a company’s senior executives—or the IRS—are requesting the information about employees. The agency reported that it had witnessed a 400 percent increase in phishing and malware incidents so far this year.

To be sure, the crooks are getting smarter and better at tricking people. According to a just released study conducted by Cloudmark and Vanson Bourne, more than 84 percent of respondents estimated that a spear-phishing attack had penetrated their organization’s security defenses. In addition, they reported that 28 percent of spear attacks get through their organization’s security defenses.

On average, respondents estimated that the financial cost of spear-phishing to their organization was more than $1.6 million over the last 12 months. Moreover, 43 percent said that they suffered a loss in employee productivity as a result of spear-phishing attacks, and 29 percent indicated that their company reputation had taken a hit.

Clearly, current protections and training methods are not working as intended. Nearly 80 percent of the organizations surveyed have a training program in place to thwart attacks, but only 3 percent said that all employees passed a simulated spear-phishing test. On average, respondents estimated that 16 percent of staff members failed their organization’s most recent spear-phishing test.

There are no easy answers. Remarkably, 71 percent of organizations have already deployed a spear-phishing solution, according to the survey.

However, until we see far more advanced security systems—including those that tap cognitive computing and deep learning—the problem will almost certainly continue. Even then, hackers, attackers and thieves will likely find some other way to trick, deceive and bamboozle people.

In the end, it all comes down to a fairly basic but critical concept: It’s impossible to over-train your staff about spear-phishing and other security threats.

 

Feeling stuck in self-doubt?

Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.

Join Free Now

Picture of Samuel Greengard

Samuel Greengard

TRENDING AROUND THE WEB

If you want your 70s to be some of the best years of your life, say goodbye to these 7 behaviors

If you want your 70s to be some of the best years of your life, say goodbye to these 7 behaviors

The Blog Herald

The art of deep focus: 8 habits to get more done in less time

The art of deep focus: 8 habits to get more done in less time

Global English Editing

If you really want to take control of your financial future in 2025, say hello to these 7 new habits

If you really want to take control of your financial future in 2025, say hello to these 7 new habits

Personal Branding Blog

People who express themselves better through text than speaking usually display these 9 behaviors, according to psychology

People who express themselves better through text than speaking usually display these 9 behaviors, according to psychology

Small Business Bonfire

Nature’s prosperity: A symphony of cycles

Nature’s prosperity: A symphony of cycles

The Vessel

If you’re going through challenging times, these 6 habits will make you stronger

If you’re going through challenging times, these 6 habits will make you stronger

Jeanette Brown