Small Business Taxes Are Targeted by Cybercriminals


March 10, 2020

You think you know all the current hacking techniques and trends, but this tax season puts you at risk for something you may not have seen coming: your small business taxes are targeted now, with the potential to destroy your company.

Joe Francisco, CEO of a small cleaning supply company in New Orleans, had no idea that he was unleashing malware into his network when he clicked a communication from a third-party tax preparation service in his town.

“I didn’t think anything of it,” he explained. “I was running out of time to file, and the online process seemed so easy. I ended up paying for services, uploading employee information, and verifying my company’s tax information.” In Joe’s case, the error not only cost him and his employees frustration with filing tax returns and the nightmare of dealing with IRS in a potential tax fraud investigation, it also cost him $9,023 in charges from a tax preparation service which disappeared completely within a week of collecting his fees “upfront.” “In retrospect,” Joe said, “I should have done my research before agreeing to do business with them.”

Cybercriminals are up to their old tricks, but with a new twist. This time, they are coming after your tax information.

In some cases, small businesses may opt to do their own taxes. They may also choose to hire tax accounting firms to handle the increasingly complex tax laws that seem to change every year.

No matter how you file this year, small business taxes are targeted by bad actors of all kinds.

How Small Business Taxes Are Targeted

If you have the time, a small business, and an organized approach, doing your own taxes may seem like an easy way to save money.

Be advised, though; hackers are on the lookout for ways to commit fraud and cash in on your small to medium-sized tax returns. They are also finding new ways to steal tax information from your employee database for identity theft and tax fraud.


Hello, tried and true email phishing. This tax season will find a host of new phishing trends. These emails may contain:

  • Requests for credentials
  • Requests for bank account information
  • Social Security number “verification”
  • Requests for dependents’ names and social security numbers
  • Verification of employees’ tax information

Even the most “cybersecurity savvy” business owner may provide the information if it appears to come from an IRS official. These emails may contain links to your business’ “tax transcript,” “tax refund,” or to a new form that you “need to fill out” this year.

Having a solid spam filter in place as part of your cybersecurity strategy can reduce the likelihood of these potentially harmful emails getting into the hands of your employees.

Pro Tip: Remember, never click links that ask for sensitive data or open emails from the “IRS” that do not come from the official site.


Spoofing, the process of setting up phony websites that mirror valid ones, can be a way for hackers to get to your returns and all your sensitive tax return data.

Popular spoofing involves “IRS” emails and links.  Users are urged to click the link to check their withholdings, deductions, social security number or other sensitive tax data. This works because the IRS is a fearsome entity, and hackers know it. Taxpayers will click on the links and provide the information because they are afraid of being found “noncompliant” with the IRS.

Pro Tip: The IRS will never email you notices requesting your response via an internal link.

Threatening Phone Calls and Letters

While not necessarily a cybercrime, these old-fashioned tax fraud schemes often receive information from a breach. Criminals can take this information and track down CEO’s, Finance Officers, or other departments that would hold and handle tax information of any kind.

These calls may differ slightly in nature and can include:

Threatening tone on phone calls: If you receive a threatening phone call from the IRS, remember that the IRS will never threaten to arrest you, levy your assets, or freeze your accounts by phone or email

Bureau of Tax Enforcement: These callers and letters can seem quite frightening…until you realize that there is no Bureau of Tax Enforcement.

Cancelling your EIN or Social Security Number: Your EIN was the number you received from the IRS when you set up your business. No matter what the caller on the phone or the letter in the mail says, you cannot lose your right to use these numbers, nor can they be “suspended.”

If you are a new small to medium-sized business, you will need to apply for an EIN. Do not use any third party for this; go directly to the IRS website and apply there. Criminals have been known to gather information via mail or to offer services to “handle the process for you” while using the information to file returns for themselves.

Pro Tip: The IRS doesn’t accept gift cards, bit coin or any other unconventional payment methods and will never “threaten” you by phone. Any information regarding your EIN or Social Security information should be handled through the official website.

W2 Scams

Some employees may be asked to provide copies of their W2’s for verification to a cybercriminal acting as a higher-level executive from payroll or accounting. Human Resources and Financial Officers can be tricked into sending copies of W2’s to scammers posing as IRS agents.

Pro Tip: The IRS will never ask you to click a link to verify any employee’s W2 or to send duplicates via email.

Integris reminds you:

  • Never click any link from the “IRS.”
  • Never provide information until you are certain you are speaking to an IRS agent.
  • Request a badge number and the agent’s name and call the agency directly.  
  • Track the status of your returns directly on the IRS website itself.

Small business taxes are targeted by hackers, but your employees can be your first line of defense. Make sure to offer cybersecurity awareness training to all of your employees so they do not fall for these popular tax season tricks.

Small Business Tax Preparation Services are Being Targeted

As part of their increasingly sophisticated tactics, small business tax preparation services are being targeted by hackers. Every facet of small business tax preparation is targeted, including the firms themselves.

This can affect you if you use a tax preparation service, but it can affect you even more if you own a CPA firm or business that prepares taxes.

Hackers are using ransomware to cripple tax preparation services and phishing schemes to try to get clients’ information from their databases. If a firm doesn’t pay the ransom, the hackers will use the information they receive and target the businesses directly.

It’s important to have an IT strategy in place all year round to protect your clients’ interests, but even more important now that it’s tax season.

If you use a CPA or tax firm to prepare your taxes, make sure they have the proper protections in place before filing your returns or giving them any sensitive data.

As Joe learned, many fly-by-night tax preparation services can be found with a simple Google search. Make sure you do your research and check reviews before agreeing to use tax preparation services, and avoid any that ask for payment up front before the services are delivered.

Let Integris Help You Protect Your Small to Medium-Sized Business this Tax Season

Integris understands small to medium-sized business needs, and the fact that your small business taxes are targeted for cybercrime isn’t news to us. We have been protecting business, just like yours, from cyberattacks from all directions, including the tactics hackers can take to steal your tax information.

Contact us today for a free, no obligation consultation and see how Integris can help you stay safe, even in tax season.

[sc name=”StandardParagraph”]

[sc name=”blog-cta-cybersecurity5″]

We're Integris. We're always working to empower people through technology.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...