Beware of Taxing Authority Spoof Emails
Yesterday, a client of mine received the above email and forwarded it to me. I am glad she did, because it is a fake. In recent years, cybercriminals have become extremely proficient in mimicking what appears to be valid taxing authority correspondence for the purpose of extracting valuable data from businesses big and small.
As a reminder, the IRS never corresponds with taxpayers via unsecured email. Instead, their preferred methods of communication are U.S. mail, telephone, fax, and, more recently, secure email initiated through IRS.gov. More information on how the IRS communicates with taxpayers can be found here.
In your business, you possess a significant amount of patient data. One of the easiest ways for an unauthorized person to access that data is to be invited into the network by someone on the inside. "Phishing" emails are designed for that purpose.
No one expects you or your staff to become cybersecurity experts; however, there are a few safeguards you can take to minimize your exposure to these types of schemes:
First, scrutinize the sender's email address and the content of the message before clicking on any links. As you can see from the message above, the sender name is "IRS.gov"; however, the full email address suggests the email originated elsewhere.
Second, if you are unsure of an email's legitimacy, call the sender before taking any action. If you are unable to call the sender, delete the email. If the email was legitimate (and important), the sender will let you know.
Third, contact your insurance carrier to determine if they have cybersecurity training available for you and your team. There may even be premium discounts available for participating in such training.
Lastly, make sure that you have ample insurance coverage for breaches of cyber security and data loss. Because these are emerging risks in your business, you are quite possibly uninsured or underinsured against these types of losses.
I am not a risk management expert, but I do know people who are. If you would like to benchmark your current policies, please assemble your various policy documents and contact me. I will be glad to introduce you a broker that can provide you with appropriate guidance, and, hopefully, peace of mind.