Sunday, March 1, 2020

This tax season, don’t let your business provide a payday for hackers | Gene Marks

Small accounting firms are particularly at risk from bogus emails designed to steal lucrative personal information

It’s not just accountants who are busy this tax season, it’s online hackers too, and they’re preying on both individuals and small businesses.

“This is not from the mob or street criminals,” writes Jess Coburn, a data protection expert, in CPA Practice Advisor. “These criminals are likely sitting behind a desk, glued to computer monitors, chugging energy drinks and developing the most effective ways to steal today’s version of gold.”

That gold is data, and according to research conducted by the security consulting firm Proofpoint, employees and website visitors at small companies and small accounting firms that have fewer resources for security are being targeted this tax season, and the scams usually come in two forms.

The first is through emails sent to individuals and employees that request tax information. These emails include legitimate-looking logos and letterheads from familiar brands or tax authorities and include warnings such as “important tax information attached” or “tax changes that affect your filings”. When the recipient clicks on the attachment, malicious code is then released on their device.

The second type of attack occurs when malware (including ransomware) is downloaded on the devices of unwitting individuals that visit a compromised website. These sites are targeted by hackers because they have tax-related keywords, and they’re usually sites of smaller accounting firms who probably haven’t updated their security. “If you have the word ‘tax’ in your domain name, you’re a target this year,” said Sherrod Degrippo, senior director of threat research and detection at Proofpoint. But it’s not just small accounting firms that are exposed. According to Degrippo, tax-themed email attacks are also hitting businesses in all sectors. “We saw financial firms and construction industries targeted disproportionately,” he says.

Once malware is set loose, it’s programmed to look for personal information about the user or launch a ransomware attack. Some emails try to fool users into sending their tax forms like a W2, and when this happens, the hackers can alter these documents to request a refund from the IRS that’s sent directly to their accounts. The researchers at Proofpoint also found many targets are being sent to fake Microsoft Office 365 login pages in order to capture login information for future data access.

According to Degrippo, attackers are adept at using LinkedIn and Google to conduct reconnaissance on potential individuals that have access to the information they want and are laser-focused on targeting them directly through email.

So what to do? Instruct your employees to be aware of these scams and make sure no one is sending any tax information to anyone, particularly the IRS, unless you’re absolutely sure of the recipient. “The IRS does not initiate communication through email or phone calls,” Monique Becenti, a product and channel specialist at web security firm Sitelock, told Mashable.

Other steps include making sure your anti-malware software is updated on all of your employees’ devices, having your IT firm monitor your network for any unusual remote connections and asking your web design firm to regularly check your site for any potential malware installed. Also: make sure your employees’ operating systems on their devices, be it Windows, macOS or otherwise, are always updated.

Tax season is already painful for many small business owners. Becoming a victim of a tax season hacker only adds salt to the wounds. “Most small- and medium-sized businesses don’t believe they’re targets,” writes Coburn. “In fact, they think it’s only a big business or government problem, but that’s not the case since two-thirds of all small- and medium-sized businesses are attacked in a 12-month period.”




from AllAbout https://allabout.pw/this-tax-season-dont-let-your-business-provide-a-payday-for-hackers-gene-marks/
