ca security and scams

Criminal InvestigationCa

Security and ScamsSpecial Agent in Charge Mark Pearson

November 9, 2021

IRS-CI Mission Statement

In support of the overall IRS Mission, Criminal Investigation serves the American public by investigating potential criminal violations of the Internal Revenue Code and related financial crimes in a manner that fosters confidence in the tax system and compliance with the law.

Criminal Investigation

• Understand & Respond to a Business Email Compromise and/or Data Breach

• CARES ACT/SCAMS• CASE SUMMARIES

OBJECTIVES


BUSINESS EMAIL COMPROMISE (BEC)

DATA BREACH


BEC – Business Email Compromise2020: 19,369 complaints$1.8 Billion in adjusted losses

In 2020, the IC3 observed and increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency

PROBLEM


IC3 Complaint Statistics 2016 - 2020


Business Email Compromise• Cybercriminals are able to identify chief operating officers, school

executives or others in position of authority (Social Engineering).

• Fraudsters mask themselves as executives or people in authoritative positions and send emails to payroll or human resources requesting copies of Forms W-2. (Grooming)

• Form W-2 contains the following (Exchange of Information)

Employment Identification Numbers (EIN)Social Security NumbersIncome / Withholdings (Federal, State, Local)AddressRetirement PlanHealth Benefits Plan


Poll Question #1

My company has a written data security plan.

a. Trueb. False


• Usually comes in the form of Phishing email and has attachments or links.

• Ransomware is a type of malware that restricts access to infected computers and requires victims to pay a ransom to regain access to their data

• Typical ransoms are in the range of $100 - $300, and are often demanded in the form of digital currency, such as Bitcoin

Ransomware


Signs of a Breach –The Victim Experience• Electronic Return Rejected (Paper Return)• Verification Letters (5071C or 4883C) • https://www.irs.gov/individuals/irs-notice-or-letter-

for-individual-filers External• Transcripts• Receipt of US Treasury Refund Check• Receipt of Reloadable Prepaid Card• Receipt of Refund Transfer Company Check

https://www.irs.gov/individuals/irs-notice-or-letter-for-individual-filers


Respond• Contact IRS Stakeholder Liaison When

Compromise Detected

• Follow State Reporting Requirements

• Report Compromise to FBI, US Secret Service, Federal Trade Commission

• Contact Local Experts


Recover• Ensuring the organization implements Recovery

Planning processes and procedures

• Implementing improvements based on lessons learned

• Coordinating communications during recovery activities

• Analyzing effectiveness of response activities


Poll Question #2Which of the following is an indicator your system may have been breached?

a. Client receives a refund check without filing a returnb Receiving notices from the IRS for non-clientsc. Abnormally high electronic filing rejection rated. All of the above

Fraud Related to COVID-19

Economic Impact Payment (EIP) Fraud


Payroll Protection Program (PPP) Fraud


Economic Injury Disaster Loans (EIDL) Fraud


Employment Development Department Fraud


Other Related Scams• Fake Charities• Phishing• Social Media Scams• Investment Opportunities


Poll Question #3

Most phishing attacks try to get you to:

a. Clink on a link or attachmentb. Buy products from their websitec. Offer a reward for helping them

Case Summaries


An estimated 91 percent of all data breaches and cyber attacks begin with a spear phishing email that targets you. Their objective is to get you to click on a link or open an attachment (ex. PDF, Word Doc, Excel file, Image). This allows the thief to steal passwords or download malware that tracks keystrokes or gives the thief control of your computer. Select two clues that an email is a targeted scam:

a. A responsee to an inquiry including a spreadsheet that you requested from your team.

b. Appears to be from a trusted source or potential client but seems a bit off

c. A Zoom invite for a meeting scheduled by your supervisor.

d. Has an urgent message to bait you into opening a link or attachment. (ex. Update your account now!)

Poll Question #4

Criminal InvestigationCa

Security and ScamsSpecial Agent in Charge Mark Pearson

ca security and scams

Documents