Why tax time leaves clients vulnerable to fraud

Telecom expert outlines what makes this time of year so challenging for clients, and what advisors can do to help

Why tax time leaves clients vulnerable to fraud

The unfortunate truth of our increasingly connected world is that everybody faces the risk of cybercrime. Phishing attacks have become increasingly sophisticated as scammers and criminals seek sensitive personal data that will allow them to access credit cards, bank accounts, and the most sensitive corners of any person’s financial life. At tax season, those risks become more acute.

Leigh Tynan, director of online security at TELUS, explains that in a time of greater urgency, when Canadians are anticipating communications that will tell them what they owe, what they are owed, and how they have to pay, cybercriminals have a window of opportunity. She says that cybercriminals will imitate government services, agencies, banks, and financial services firms to get what they want. Their methods have become increasingly sophisticated and targeted.

“The Canadian anti-fraud centre shared a recent story involving a scam in the form of a text message which claimed to be from the CRA that contained an individual’s name and personal information and actually included the victim’s social insurance number,” Tynan says. “It looked like a trusted source reaching out with your personal information, which increased the trust that the victim had. The text told them that a payment was due and requested the payment be sent to a phone number. It was 100 per cent a scam, set up to be perceived as more trustworthy.”

Tynan says that this sensitive personal information was likely scraped out of a data breach, driving home the point that nobody is immune to identity theft.

Tynan argues that the core weapon against this sort of cybercrime is education. Key to that education is an understanding of how cybercrime has evolved. What was once a series of blunt operations designed to catch credit card numbers has become an incredibly targeted and specific set of operations. Cybercriminals will browse social media profiles and impersonate people they know to be your friends and family in order to trick their victims into trusting them.

AI, too, has changed the cybercrime landscape significantly. Sloppy emails, clear errors, and phony premises may have been signifiers of a scam. Now, large language models and AI image generators can produce highly sophisticated and convincing communications that mirror the style of the institution or individual the scammers want to impersonate. Even human voices can be manipulated by AI in a way that could fool many into opening up their wallets.

The financial consequences of a scam for individuals and businesses are dire. In addition to any loss of money, scams can severely impact credit scores and undermine the good name of an individual or a business. They can even result in the cancellation of business loans or lines of credit.

One strategy that individuals can use to protect themselves, Tynan says, is a personal information scan. Through a scan of the dark web, individuals can learn if any of their personal information is already circulating. That could include their passwords, phone number, social media accounts, and even pieces like their social insurance number. Other digital cybersecurity services, including one offered by TELUS, can help with detect and alert systems notifying individuals if their information has been compromised.

Tynan believes that advisors can play a crucial role in the work of educating and informing individuals. They can leverage their deep knowledge of the financial system and understanding of their clients’ complex financial lives to act as a trusted source of information. To do that, advisors need to start by educating themselves on cybersecurity risk and then bring that information to clients in proactive conversations that will help every party anticipate the occurrence of a cybercrime.

“Something as simple as reinforcing with clients, how the CRA will engage with them, I think is a great place to start because that would then reduce the susceptibility or the likelihood that their clients would fall victim to some of these scams,” Tynan says.

At the same time, Tynan says that advisors should be working to protect their own businesses from cybercrime as well.

“I would really encourage advisors to think about their own response plan because no business is immune, small or large,” Tynan says. “Everyone is at risk and from a business perspective, you need to actually have a response plan should a cybersecurity incident occur.”