Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling


Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling

In a recent study, researchers have discovered an upward surge in threat activity designed to capture a wide range of payments and appropriations between taxpayers and the government, targeting tax refunds to COVID-19 appropriations.

Some of these efforts trace back to accountants involved in tax preparation services that dispose of customer hard copy paperwork insecurely via the trash. Customer data culled from that paperwork then ends up on illicit online markets where it is bought and resold.  Similarly, when sensitive documents are downloaded from a secure channel, such as VPN, users may or may not delete the file after they are referencing it.  Unfortunately, users may leave the most sensitive files sitting on their hard drive or, if they delete it, in their “Trash” or “Recycle Bins”.

The most common methods of attack involve: (i) enticing an individual/company to give up their information through phony tax forms in advertisements shared on social media and other online platforms; or (ii) standard email phishing campaigns with pages disguised as IRS tax forms required for stimulus checks.

Steps to take to avoid these types of risks include:

  • Implement multi-factor authentication for any applications or databases storing financial or personally identifiable information, including email addresses.
  • Implement up-to-date secure encryption.
  • Train employees to recognize and report phishing attempts.
  • Institute processes that leverage separate channels (e.g., phone) to verify the legitimacy of requests for sensitive or personal information.
  • Dispose of sensitive information securely both physically (e.g., shredding paper documents) and virtually (e.g., empty Trash or Recycle Bins regularly)

As always, feel free to reach out to me to learn more or just talk at [email protected] or visit our website

Stay healthy.  Stay distant

Tags: #COVIDScams #COVIDCybersecurity #COVIDfraud

Leave a Reply