Threat actors are taking advantage of tax season to target both individuals and enterprises with tax scam attacks.

As reported by Dark Reading, these scams ramp up as tax deadlines loom but can potentially exploit victims’ data month after month or year after year. And while private citizens remain easy targets for malicious actors — Forbes noted that 143 million “negative robocalls” were made on tax day in 2018 — recent IBM research revealed that attackers are now using tax-themed campaigns to subvert corporate security policies.

Tax Scam Tactics

Cybercriminals are taking steps to make enterprise-level scam emails seem entirely legitimate. It starts with typosquatting to create fake payroll and tax service domains and bolster the “from” field by mimicking common corporate email address formats. Email bodies are brief but well-written, while the signature includes popular business components, such as names, job titles, contact numbers and mock footers. Infected attachments — typically filled with TrickBot malware — round out these messages.

At scale, these scams pose a real problem: If even one corporate recipient is fooled, threat actors could gain access to critical network resources.

Watch Out for Malicious Tax Apps

Application-driven tax fraud is also on the rise. Given the sheer number of mobile apps now available, it’s no surprise that malware makers created their own versions of popular tax-filing apps. As Dark Reading pointed out, the apps often “impersonate popular tax-filing services to get people to give up sensitive data.”

Here, key indicators of potential issues include limited or missing developer information along with excessive permission demands. With more than 90 percent of tax returns now being prepared electronically, app control needs to be on the corporate IT radar. Otherwise, remote users or those using company networks for personal business could expose critical services to undue risk.

How to Evade a Costly Tax Scam

Once tax scammers have their hands on personal or corporate data, it’s a gift that keeps on giving. Attackers can use this information to redirect returns, open new credit accounts and generally cause havoc for months or years after initial compromise takes place.

According to IBM security experts, evading these tax tricks starts with the basics: Make sure macros are disabled by default in Office and ensure antivirus tools are capable of detecting and defeating TrickBot.

User education also plays a role. During scam season, it’s worth reminding staff that the IRS never communicates via email and supposed tax attachments from payroll or accounting services should always be vetted before opening.

More from

What to know about new generative AI tools for criminals

3 min read - Large language model (LLM)-based generative AI chatbots like OpenAI’s ChatGPT took the world by storm this year. ChatGPT became mainstream by making the power of artificial intelligence accessible to millions.The move inspired other companies (which had been working on comparable AI in labs for years) to introduce their own public LLM services, and thousands of tools based on these LLMs have emerged.Unfortunately, malicious hackers moved quickly to exploit these new AI resources, using ChatGPT itself to polish and produce phishing…

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Data never dies: The immortal battle of data privacy

4 min read - More than two hundred years ago, Benjamin Franklin said there is nothing certain but death and taxes. If Franklin were alive today, he would add one more certainty to his list: your digital profile. Between the data compiled and stored by employers, private businesses, government agencies and social media sites, the personal information of nearly every single individual is anywhere and everywhere. When someone dies, that data becomes the responsibility of the estate; but what happens to the privacy rights…

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task. In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each…