Jacqueline Jayne, security expert, KnowBe4
June is prime time for the latest in sophisticated tax – themed phishing scams. With the kick off of the 2022 Corporate tax filing season in Singapore, the IRAS has already reported a surge in scamming crimes this month. Cybercriminals claiming to be from the IRAS have refined their attack approach targeting business owners and employees and even tax professionals.
Here are the 4 latest Singapore tax scams to be aware of and how to avoid them – (detailed in attachment)
Advice for Business Owners
- It is up to you to communicate to your people exactly what to expect from your HR or Payroll Department at tax time.
- Provide clear details as to what they are to receive and warn them that there is a very high chance cybercriminals will be targeting them at tax time.
- Would your employers fall for convincing phishing attacks? Step your people through relevant, engaging, and ongoing security awareness training and provide an opportunity for them to test out their knowledge with simulated phishing and other social engineering tests.
- Share the tips below to your employees, customers, vendors and suppliers.
- If you are going through a tax agent to manage your tax obligations, check that they are registered here:www.sctp.org.sg/Members.aspxand remember they may charge for a fee for their services and make submissions to the IRAS on your behalf.
Advice for Employees (and everyone else)
- Confidential documents are deposited in the secured tax portal atmytax.iras.gov.sgTaxpayers may log in to the portal using their Singpass to retrieve their tax statements or e-File their tax returns viamytax.iras.gov.sg
- If you are not sure, ask your HR Department or Payroll when and how you will receive your Income tax Assessment or any other relevant information from the IRAS.
- IRAS will not ask you to provide your confidential personal details like bank account details via email, SMS or voice mail. Only deal with the IRAS via an official channel such as the IRASmyTax Mailto correspond with IRAS. If your enquiry contains confidential information, they will respond to you viamyTax Mail. The IRAS will never request personal details like bank account details via email, SMS or voice mail.
- The IRAS will never ask you to pay for anything with gift cards, credit cards or cryptocurrency (like Bitcoin).
Advice for Tax Professionals
Cybercriminals are actively looking to gain unlawful access to your client data as it is of great value to them.
They will even pose as a client sending you an email with a malicious attachment in the hope you open it and grant them access.
Once inside, they can access your entire inbox and then all your client’s data.You need to be on the lookout for all suspicious emails and be extra vigilant at tax time.
Please share these hints and tips far and wide to everyone in your world who will be required to lodge a tax return.
Have you been scammed?
If you suspect that you have responded to a phishing scam with personal or financial information, you are advised to:
- lodge a police report;
- change the passwords or PINs on all your online accounts; andcontact your banks to stop any transactions
- delete suspicious emails asking for personal details or login credentials, especially those involving the use of Singpass
- do not download any attached files in suspicious emails
- do not click on hyperlinks in suspicious emails
- never disclose your bank account detail, password or OTP to others.