Threat actors are taking advantage of tax season to target both individuals and enterprises with tax scam attacks.

As reported by Dark Reading, these scams ramp up as tax deadlines loom but can potentially exploit victims’ data month after month or year after year. And while private citizens remain easy targets for malicious actors — Forbes noted that 143 million “negative robocalls” were made on tax day in 2018 — recent IBM research revealed that attackers are now using tax-themed campaigns to subvert corporate security policies.

Tax Scam Tactics

Cybercriminals are taking steps to make enterprise-level scam emails seem entirely legitimate. It starts with typosquatting to create fake payroll and tax service domains and bolster the “from” field by mimicking common corporate email address formats. Email bodies are brief but well-written, while the signature includes popular business components, such as names, job titles, contact numbers and mock footers. Infected attachments — typically filled with TrickBot malware — round out these messages.

At scale, these scams pose a real problem: If even one corporate recipient is fooled, threat actors could gain access to critical network resources.

Watch Out for Malicious Tax Apps

Application-driven tax fraud is also on the rise. Given the sheer number of mobile apps now available, it’s no surprise that malware makers created their own versions of popular tax-filing apps. As Dark Reading pointed out, the apps often “impersonate popular tax-filing services to get people to give up sensitive data.”

Here, key indicators of potential issues include limited or missing developer information along with excessive permission demands. With more than 90 percent of tax returns now being prepared electronically, app control needs to be on the corporate IT radar. Otherwise, remote users or those using company networks for personal business could expose critical services to undue risk.

How to Evade a Costly Tax Scam

Once tax scammers have their hands on personal or corporate data, it’s a gift that keeps on giving. Attackers can use this information to redirect returns, open new credit accounts and generally cause havoc for months or years after initial compromise takes place.

According to IBM security experts, evading these tax tricks starts with the basics: Make sure macros are disabled by default in Office and ensure antivirus tools are capable of detecting and defeating TrickBot.

User education also plays a role. During scam season, it’s worth reminding staff that the IRS never communicates via email and supposed tax attachments from payroll or accounting services should always be vetted before opening.

More from

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers.According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately infected…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit…