Threat actors are taking advantage of tax season to target both individuals and enterprises with tax scam attacks.

As reported by Dark Reading, these scams ramp up as tax deadlines loom but can potentially exploit victims’ data month after month or year after year. And while private citizens remain easy targets for malicious actors — Forbes noted that 143 million “negative robocalls” were made on tax day in 2018 — recent IBM research revealed that attackers are now using tax-themed campaigns to subvert corporate security policies.

Tax Scam Tactics

Cybercriminals are taking steps to make enterprise-level scam emails seem entirely legitimate. It starts with typosquatting to create fake payroll and tax service domains and bolster the “from” field by mimicking common corporate email address formats. Email bodies are brief but well-written, while the signature includes popular business components, such as names, job titles, contact numbers and mock footers. Infected attachments — typically filled with TrickBot malware — round out these messages.

At scale, these scams pose a real problem: If even one corporate recipient is fooled, threat actors could gain access to critical network resources.

Watch Out for Malicious Tax Apps

Application-driven tax fraud is also on the rise. Given the sheer number of mobile apps now available, it’s no surprise that malware makers created their own versions of popular tax-filing apps. As Dark Reading pointed out, the apps often “impersonate popular tax-filing services to get people to give up sensitive data.”

Here, key indicators of potential issues include limited or missing developer information along with excessive permission demands. With more than 90 percent of tax returns now being prepared electronically, app control needs to be on the corporate IT radar. Otherwise, remote users or those using company networks for personal business could expose critical services to undue risk.

How to Evade a Costly Tax Scam

Once tax scammers have their hands on personal or corporate data, it’s a gift that keeps on giving. Attackers can use this information to redirect returns, open new credit accounts and generally cause havoc for months or years after initial compromise takes place.

According to IBM security experts, evading these tax tricks starts with the basics: Make sure macros are disabled by default in Office and ensure antivirus tools are capable of detecting and defeating TrickBot.

User education also plays a role. During scam season, it’s worth reminding staff that the IRS never communicates via email and supposed tax attachments from payroll or accounting services should always be vetted before opening.