April 16, 2019 By Douglas Bonderud 2 min read

Threat actors are taking advantage of tax season to target both individuals and enterprises with tax scam attacks.

As reported by Dark Reading, these scams ramp up as tax deadlines loom but can potentially exploit victims’ data month after month or year after year. And while private citizens remain easy targets for malicious actors — Forbes noted that 143 million “negative robocalls” were made on tax day in 2018 — recent IBM research revealed that attackers are now using tax-themed campaigns to subvert corporate security policies.

Tax Scam Tactics

Cybercriminals are taking steps to make enterprise-level scam emails seem entirely legitimate. It starts with typosquatting to create fake payroll and tax service domains and bolster the “from” field by mimicking common corporate email address formats. Email bodies are brief but well-written, while the signature includes popular business components, such as names, job titles, contact numbers and mock footers. Infected attachments — typically filled with TrickBot malware — round out these messages.

At scale, these scams pose a real problem: If even one corporate recipient is fooled, threat actors could gain access to critical network resources.

Watch Out for Malicious Tax Apps

Application-driven tax fraud is also on the rise. Given the sheer number of mobile apps now available, it’s no surprise that malware makers created their own versions of popular tax-filing apps. As Dark Reading pointed out, the apps often “impersonate popular tax-filing services to get people to give up sensitive data.”

Here, key indicators of potential issues include limited or missing developer information along with excessive permission demands. With more than 90 percent of tax returns now being prepared electronically, app control needs to be on the corporate IT radar. Otherwise, remote users or those using company networks for personal business could expose critical services to undue risk.

How to Evade a Costly Tax Scam

Once tax scammers have their hands on personal or corporate data, it’s a gift that keeps on giving. Attackers can use this information to redirect returns, open new credit accounts and generally cause havoc for months or years after initial compromise takes place.

According to IBM security experts, evading these tax tricks starts with the basics: Make sure macros are disabled by default in Office and ensure antivirus tools are capable of detecting and defeating TrickBot.

User education also plays a role. During scam season, it’s worth reminding staff that the IRS never communicates via email and supposed tax attachments from payroll or accounting services should always be vetted before opening.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today