Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
IRS-CI Mission Statement
In support of the overall IRS Mission, Criminal Investigation serves the American public by investigating potential criminal violations of the Internal Revenue Code and related financial crimes in a manner that fosters confidence in the tax system and compliance with the law.
Criminal Investigation
• Understand & Respond to a Business Email Compromise and/or Data Breach
• CARES ACT/SCAMS• CASE SUMMARIES
OBJECTIVES
Criminal Investigation
BEC – Business Email Compromise2020: 19,369 complaints$1.8 Billion in adjusted losses
In 2020, the IC3 observed and increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency
PROBLEM
Criminal Investigation
Business Email Compromise• Cybercriminals are able to identify chief operating officers, school
executives or others in position of authority (Social Engineering).
• Fraudsters mask themselves as executives or people in authoritative positions and send emails to payroll or human resources requesting copies of Forms W-2. (Grooming)
• Form W-2 contains the following (Exchange of Information)
Employment Identification Numbers (EIN)Social Security NumbersIncome / Withholdings (Federal, State, Local)AddressRetirement PlanHealth Benefits Plan
Criminal Investigation
Poll Question #1
My company has a written data security plan.
a. Trueb. False
Criminal Investigation
• Usually comes in the form of Phishing email and has attachments or links.
• Ransomware is a type of malware that restricts access to infected computers and requires victims to pay a ransom to regain access to their data
• Typical ransoms are in the range of $100 - $300, and are often demanded in the form of digital currency, such as Bitcoin
Ransomware
Criminal Investigation
Signs of a Breach –The Victim Experience• Electronic Return Rejected (Paper Return)• Verification Letters (5071C or 4883C) • https://www.irs.gov/individuals/irs-notice-or-letter-
for-individual-filers External• Transcripts• Receipt of US Treasury Refund Check• Receipt of Reloadable Prepaid Card• Receipt of Refund Transfer Company Check
Criminal Investigation
Respond• Contact IRS Stakeholder Liaison When
Compromise Detected
• Follow State Reporting Requirements
• Report Compromise to FBI, US Secret Service, Federal Trade Commission
• Contact Local Experts
Criminal Investigation
Recover• Ensuring the organization implements Recovery
Planning processes and procedures
• Implementing improvements based on lessons learned
• Coordinating communications during recovery activities
• Analyzing effectiveness of response activities
Criminal Investigation
Poll Question #2Which of the following is an indicator your system may have been breached?
a. Client receives a refund check without filing a returnb Receiving notices from the IRS for non-clientsc. Abnormally high electronic filing rejection rated. All of the above
Fraud Related to COVID-19
Other Related Scams• Fake Charities• Phishing• Social Media Scams• Investment Opportunities
Criminal Investigation
Poll Question #3
Most phishing attacks try to get you to:
a. Clink on a link or attachmentb. Buy products from their websitec. Offer a reward for helping them
Criminal Investigation
An estimated 91 percent of all data breaches and cyber attacks begin with a spear phishing email that targets you. Their objective is to get you to click on a link or open an attachment (ex. PDF, Word Doc, Excel file, Image). This allows the thief to steal passwords or download malware that tracks keystrokes or gives the thief control of your computer. Select two clues that an email is a targeted scam:
a. A responsee to an inquiry including a spreadsheet that you requested from your team.
b. Appears to be from a trusted source or potential client but seems a bit off
c. A Zoom invite for a meeting scheduled by your supervisor.
d. Has an urgent message to bait you into opening a link or attachment. (ex. Update your account now!)
Poll Question #4