Why tax season leaves plan members vulnerable to cybercrime

Director of online security at major telecom outlines what makes this season so challenging for clients, and what benefits plans can do to help

Why tax season leaves plan members vulnerable to cybercrime

The unfortunate truth of our increasingly connected world is that everybody faces the risk of cybercrime. Phishing attacks have become increasingly sophisticated as scammers and criminals seek sensitive personal data that will allow them to access credit cards, bank accounts, and the most sensitive corners of any person’s financial life. At tax season, those risks become more acute.

Leigh Tynan, director of online security at TELUS, explains that in a time of greater urgency, when Canadians are anticipating communications that will tell them what they owe, what they are owed, and how they have to pay, cybercriminals have a window of opportunity. She says that cybercriminals will imitate government services, agencies, banks, and financial services firms to get what they want. Their methods have become increasingly sophisticated and targeted.

“The Canadian anti-fraud centre shared a recent story involving a scam in the form of a text message which claimed to be from the CRA that contained an individual’s name and personal information and actually included the victim’s social insurance number,” Tynan says. “It looked like a trusted source reaching out with your personal information, which increased the trust that the victim had. The text told them that a payment was due and requested the payment be sent to a phone number. It was 100 per cent a scam, set up to be perceived as more trustworthy.”

Tynan says that this sensitive personal information was likely scraped out of a data breach, driving home the point that nobody is immune to identity theft.

Tynan argues that the core weapon against this sort of cybercrime is education. Key to that education is an understanding of how cybercrime has evolved. What was once a series of blunt operations designed to catch credit card numbers has become an incredibly targeted and specific set of operations. Cybercriminals will browse social media profiles and impersonate people they know to be your friends and family in order to trick their victims into trusting them.

AI, too, has changed the cybercrime landscape significantly. Sloppy emails, clear errors, and phony premises may have been signifiers of a scam. Now, large language models and AI image generators can produce highly sophisticated and convincing communications that mirror the style of the institution or individual the scammers want to impersonate. Even human voices can be manipulated by AI in a way that could fool many into opening up their wallets.

The financial consequences of a scam for individuals and businesses are dire. In addition to any loss of money, scams can severely impact credit scores and undermine the good name of an individual or a business. They can even result in the cancellation of business loans or lines of credit.

One strategy that individuals can use to protect themselves, Tynan says, is a personal information scan. Through a scan of the dark web, individuals can learn if any of their personal information is already circulating. That could include their passwords, phone number, social media accounts, and even pieces like their social insurance number. Other digital cybersecurity services, including one offered by TELUS, can help with detect and alert systems notifying individuals if their information has been compromised.

Tynan believes that plan sponsors can play a key role in the work of educating and informing their members. Through educational modules and resources plan sponsors can offer information that their members trust and core pieces of education that can protect against cybercrime. That includes information relevant to tax season, including details about how the CRA contacts Canadians. By explaining that the CRA will never send an email asking you to click a link, or will never use a text or instant message, plan sponsors can go a long way to preventing cybercrime. As they invest in tools to educate their members, Tynan believes that plan sponsors need to look at the financial security, wellbeing, and health of their members the same way they look at their mental or physical health.

“Providing support to employees with personal online security tools is a critically important component of any truly holistic employee benefit program in 2024,” Tynan says. “A holistic program must address physical health, digital health, and psychological wellbeing and safety. The simple reality today is that our digital lives are our real lives.”

RELATED ARTICLES