Cyberthreats Hovering Over The Impending Tax Season

  • Cybercriminals are aggressively ju mping into the tax season," says Proofpoint's research.

  • Attackers use tax-themed emails with enticingly titled malicious attachments.

  • Finance and Construction industry is being targeted disproportionately.

Proofpoint's research concludes that attackers are "aggressively jumping into the tax season." The research has shown that small businesses are already being hit by tax season-related cyber-attacks, even as the deadline for filing taxes in the United States is eight weeks away.


The research says attackers are deploying two main attack strategies:

1.    Tax-themed emails with malicious attachments

2.    Legitimate tax-focused websites that are compromised to deliver malware


There is a lot of focus on compromising legitimate tax-focused websites this year. The research reveals that small-businesses that specialize in tax preparation are carrying a target on their back. If you have the word “tax” in your domain name; you're a target this year.


Tax-themed emails with malicious attachments


The first strategy is to send tax-themed emails with enticingly titled malicious attachments, such as "Important changes, filing due date and charges to form 1099."


Attackers have used tax-themed emails to deliver malicious attachments for years. The technique isn’t new and the attacks don’t have to be novel to work. Attackers often use what has been successful for them in the past to find another payday. Everyone should exercise caution around tax-themed emails: this is a certain threat.


Examples in the research show that attackers are increasingly making their fake tax-themed emails look better and better. In some cases, they use data they’ve stolen or bought to tailor it to the recipient to make it more believable.


READ MORE: Reeling from Cyberattack, toll now has its customers leaving


Compromised Legitimate Tax-focused Websites


The second tactic is to compromise legitimate tax-focused websites to deliver malware to people who visit the sites.


Attackers were observed gaining access to legitimate tax-focused websites via unpatched and out-of-date WordPress and other content management system installations. Code planted by attackers on compromised sites downloads malware onto the systems of people who visit in an attempt to access and steal their data. Researchers noted that code was often hosted elsewhere to make the compromise harder to spot.


In these attacks, we’ve seen the sites of smaller tax preparation and accounting firms targeted and compromised. This makes sense because smaller companies often have fewer resources and less expertise to prevent these attacks and detect them when they’ve happened

- Sherrod DeGrippo, Senior Director (Threat Research and Detection), Proofpoint

It is seen the sites of smaller tax preparation and accounting firms targeted and compromised. This makes sense because smaller companies often have fewer resources and less expertise to prevent these attacks and detect them when they’ve happened.  While businesses in every sector are attacked by these taxed emails, financial and construction industry is being targeted disproportionately. The construction industry targeting, in particular, is a reminder that no one sector is immune.



A recent attack observed spoofed the full branding of a very well-known tax preparation service in the US for both the lure and the landing page for credential phishing. If a threat actor is successful in obtaining an authentic W2, they can potentially file taxes on behalf of that person, receiving the refund to their own account instead of the actual taxpayer.

- Sherrod DeGrippo, Senior Director (Threat Research and Detection), Proofpoint


Proofpoint Recommendations to Avoid being Compromised



Proofpoint recommends two ways to protect yourself during the tax season:

1.    The threat of all tax-themed attachments as potentially malicious. Many tax preparation companies and accounting companies don't send information as attachments through regular emails anymore. These companies have now switched to using secured email and document sharing portals. If you get an email with a tax-themed attachment, even one you may be expecting, verify with the sender before opening it.

2.    Make the security of your website a top priority especially if you are a small tax preparation or accounting firm. Websites of such firms are a bigger target in the tax season. A hosting company might do well to resolve the update and security of your website for you unless you possess the time, expertise, and resources to do it yourself.



READ MORE: After Avast's malefaction, data protection should be high-priority

Spotlight

Other News

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Dom Nicastro | April 03, 2020

Read More

Spotlight

Resources