Many businesses and consumers are on high alert for tax-fraud scams during the first quarter of the year. But the exposure doesn’t end with the tax-filing season, especially since criminals can monetize the same data year-round.
“W-2 data is the holy grail because you can’t reset it, like a password,” says Michael Marriott, a research analyst with Digital Shadows, a digital-risk management company. “PII (personally identifiable information) is always going to be attractive—it doesn’t matter what time of the year it is.”
Small- and medium-size businesses, in particular, can’t afford to lower their guard after April. The biggest misconception is that they’re not an attractive target because of their smaller size, says Anthony Grieco, senior director and trust strategy officer at Cisco’s Security and Trust Organization.
“It’s not just a tax-time discussion,” Grieco says. “It needs to happen all the time.” Creating resiliency around cybersecurity is neither a seasonal nor a one-time activity, he adds.
Tax fraud still a popular crime
Fraud statistics for the 2017 season will not be available from the IRS for some time. But chatter observed by Digital Shadows on criminal sites and on the dark web indicates that fraudsters’ interest in this type of scam remains high.
Digital Shadows found that at the end of March, the number of mentions of keywords associated with tax fraud was 40 percent higher than in 2016. This continues the pattern of last year, when the number of mentions was higher than in 2015.
By contrast, the number of fraudulent returns identified by the IRS between 2013 and 2015 has decreased every year, according to a January report by the Treasury Inspector General for Tax Administration.
Marriott says the fact that the IRS hasn’t detected an increase in fraudulent filings doesn’t necessarily mean there’s an actual drop in attempted fraud.
“Part of it is due to the increased effort being put into preventing fraud,” he says.
Those efforts include tax-identity filters the IRS now uses to identify potentially fraudulent returns. The IRS also locked some 31 million accounts of deceased taxpayers in 2016.
“The percentage of the times that (fraudsters) are successful has decreased, but it doesn’t mean it’s still not a profitable way to commit fraud,” says Victor Searcy, vice president of global resolution operations at CyberScout. (Full disclosure: CyberScout sponsors Third Certainty, where this article originally appeared.)
Scammers not worried about getting caught
The anonymity of the crime makes it especially compelling. When the IRS identifies potential fraud, it simply denies the refund claim—it doesn’t go searching for the culprit.
“There’s very little fear of being caught, and if they get caught, the chances of being prosecuted are really slim, and the penalties not as severe,” Searcy says.
It’s also an easy crime. Cyber thieves go so far as selling detailed how-to guides, Marriott says.
“Criminals find different ways to make money that can be repeatable,” he says. “For something like $30, you can buy a full tutorial on the steps you need to make money from tax fraud.”
Phishing remained on the IRS “dirty dozen” list of tax scams this year, following a 400 percent surge during the 2016 season. Those are schemes like the popular W-2 scam, a variation on the business email compromise. In February, the IRS warned it was seeing new and evolving schemes.
Cyber criminals expand their repertoire
The doubling down by the IRS on fraud and identity theft is good news for consumers. On the other hand, don’t expect cyber criminals to stop monetizing stolen information—or to stop phishing and other attacks come May.
For instance, the percentage of spam with malicious attachments is on the rise, according to Cisco’s 2017 Annual Cybersecurity Report. Cisco found that 65 percent of total email volume in 2016 was spam, and 8-10 percent of the spam was malicious. At the same time, cyber criminals were experimenting with a wide range of tactics.
Grieco says that organizations need a culture shift toward a holistic approach to cybersecurity, which includes educating employees. Small- and medium-size businesses have an advantage because fewer people need to be trained—for example, one accountant instead of a department of 100 workers.
“The scope of who you need to educate and about what risks becomes much more narrow, and therefore the impact of education can be much larger,” he says.
Being prepared for a cybersecurity incident is not unlike preparing for a power outage or a natural disaster. But SMB leaders need to have at least a basic understanding of the threats for their specific industry.
“It’s very similar to resilience activities you’d take in the physical world,” Grieco says. “Understanding where your critical systems are, how are you protecting them, how are you monitoring them, do you know what to do if something goes wrong—all of those basic ideas apply.”
This article originally appeared on ThirdCertainty.com and was written by Rodika Tollefson.