Regional authorities handle huge amounts of information about their employees and local citizens, thus attracting cybercriminals who now often use phishing emails to steal such data, especially in tax season.
Regional authorities handle huge amounts of information about their employees and local citizens, thus attracting cybercriminals who now often use phishing emails to steal such data, especially in tax season.
The year 2018 began with aggressive cyber attacks in several U.S. states, when both individuals and legal entities started filing their tax returns for the previous year. Having stolen personal details, such as names, addresses, and wage amounts, criminals can file false returns requiring tax refunds.
On January 30, Keokuk city (Iowa) administration reported that fraudsters used a phishing scam to obtain the W-2 tax forms containing sensitive information about current and former employees and elected officials.
On the same day, the City of Pittsburg (Kansas) was subjected to the similar phishing attack that resulted in the release of W-2 tax forms to criminals imitating competent authorities.
In early February, news media reported the leak from the administration of Batavia city (Illinois). Someone sent a phishing email, designed to look like it was from the City Administrator Laura Newman, to a city official, asking the latter to supply W-2 information. The employee, not realizing it was fake, did so.
Moreover, the similar leaks from the City of Thomasville (Georgia) and Waldo County (Maine) compromised personal data of 269 and 100 city employees, respectively. It should be noted that Thomasville administration promptly responded to the incident and spent $22,000 to provide the affected employees with credit fraud protection.
Before that, Charlotte city (North Carolina) Housing Authority was hit with a tax season’s breach, when an email was sent to an employee purportedly from the CEO asking for all current and former W-2 records. The compromised information included employee names, addresses, social security numbers, and wages.
According to the U.S. Internal Revenue Service (IRS), 376,000 taxpayers reported falling victim to tax refund identity fraud in 2016. Despite a 46 percent drop from 2015, the fraud threat remains, and the IRS warns tax preparers of a new malware scam.
Data leakage is a pressing issue for local authorities in many countries, since their bureaucratic nature, low-skilled employees, insufficient funding, lack of prudent IT strategies, and simply negligence adversely affect overall information security.