GlobalSign Blog

10 Apr 2019

It's Tax Season - And Cyber Criminals are Waiting

Taxpayers and Accountants Must Stay Vigilant to Protect Sensitive Information

At GlobalSign, everything we do is focused on one thing – protecting identities. So when tax season rolls around next week (April 15), we’re acutely aware how fraud can turn into a nightmare during filing time.

A 2017 Identity Fraud Study by Javelin Strategy & Research noted almost one-in-three consumers exposed to data breaches fall victim to identity fraud. Cybercriminals try almost anything to steal personal information. Consumers must be on the lookout for unsolicited emails, text messages, social media posts or fake websites that might cause sharing of valuable personal and financial information.

Once procured, that data can be used by online thieves to pilfer funds and/or commit identity theft. Unfamiliar links or attachments can contain malware – viruses, spyware and other unwanted software installed on computers or mobile devices without consent. This can later infect an even broader range of computer files if opened.

According to IT World Canada, things just might get worse. During tax season, consumers may receive emails with such subject lines as “Notice of Outstanding Income Tax Demand,” or “IRS Update”. The email, which is sometimes addressed “Dear Taxpayer”, might contain attachments with official-looking government logos - but are really loaded with malware. Cyber criminals also provide links that re-route users to fake websites with that same government or tax department logo. And that’s where criminals capture your password.

They’re not really there to help you

Hackers are cunning individuals. Some online scammers can create bogus versions of online accounting tools like QuickBooks, while others pose as tech support agents. This is nothing new. Back in 2016, a group of ransomware hackers claimed a Fortune 500 company paid them to hack a competitor. More recently, cybersecurity firm Lookout discovered more than 100 websites apparently designed to dupe tax filers. The domains target a large pool of potential victims: 135 million+ American taxpayers.

An April 4th article in Wired points out that tax software isn’t something most people use on a regular basis. As a result, many seek additional help when navigating the tool - making them easy targets for scam websites like “quickebooksupport.com” and “quickbooks-helpline.com”. The article reports the scams largely trap people searching for help on Google or Bing.

Taking it one step further, “support” technicians contacted via 1-800 numbers on these sites often request remote access to victims’ computers to steal personal information. Other schemes use these numbers to sell bogus, unnecessary software. Similar sites have been built to impersonate Apple support technicians.

Lookout’s research represents just a handful of tax scams targeting the next victim. Not surprisingly, scammers have also taken to social media to target users with misinformation about phony tax breaks to obtain personal information.

Tax preparers are also vulnerable

Hackers aren’t just targeting consumers – they’re trying to scam tax preparers, too.

Earlier this year, ProofPoint discovered a campaign targeting accounting firms pretending to be an email from a fictitious taxpayer named “Timothy”. According to an April 3rd article in Bleeping Computer, the emails supposedly contained details requested by an accounting firm. This also included numerous forged documents - including W-2s, a 1099-R from UBS, and a mortgage interest 1098 form.

The hackers then went a step further by including additional details to make “Timothy’s” information appear more authentic. When the recipient enabled macros, the document downloaded and installed what’s known as “Remcos RAT” on their computer. Remcos (Remote Control and Surveillance) is a Remote Access Tool (RAT) purchased by anyone. While the tool is legitimate and its original creators strictly forbid misuse, some cyber criminals generate revenue by using it maliciously.

Fake Tax Form

Once the “RAT” is installed, attackers potentially have full access to all of recipient files – in this case, the accounts tax files – impacting multiple clients by infecting just one computer.

While it’s always important to be vigilant with financial information, it’s especially important during tax time. Given the increasing problems with phishing, customers should consider providing tax related documents directly to an accountant - rather than sending them via email. If submitting online, always go directly to the site in question rather than clicking a link in a document or email. Furthermore, carefully research the page address before submitting. This ensures the site address is correct and therefore, safe.

As a final word, always remember:

  • The IRS typically contacts citizens first by mail, not via email. If you haven’t received a paper letter, it’s unlikely any electronic communication claiming to be from the agency is real.
  • Legitimate tech support agents also don’t ask for screen access to obtain login information and provide help.
  • Always use a password manager instead of reusing the same password across multiple accounts.
  • Use smart practices with personal information. Only share social security numbers when it’s absolutely necessary.
  • Check credit report regularly for shady activity, and never throw away papers with critical information – like social security numbers or bank account information – without first using a shredder.

Want to learn more about staying safe, protecting your identity and preventing cyber attacks during this time of year? GlobalSign can help.

Check out our range of solutions designed to protect against the ever-evolving world of cyber threats. Want more? Check out these links for more information:

https://www.globalsign.com/en/blog/the-top-6-cybersecurity-risks/

https://www.globalsign.com/en/blog/how-to-tell-cryptojacked/

https://www.globalsign.com/en/blog/six-cybersecurity-tools-and-services-every-business-needs/

https://www.globalsign.com/en/blog/what-is-ransomware/

https://www.globalsign.com/en/blog/building-digital-signatures-into-document-platforms/

About the Author

Amy Krigman is GlobalSign's Public Relations Manager. Within this role, she has developed a broad range of successful PR campaigns that have generated press in technology, business, trade and consumer publications. As a result, she has developed a reputation as one of the best media relations professionals in the business. Amy has also worked with leading analyst firms such as Gartner, IDC and Forrester Research, gaining critical exposure for her B2B clients that have led to inclusion in research reports, references at analyst events and more.

Share this Post

Write for Us

Apply Now

You might enjoy:

Top 10 Cybersecurity Events and Why You Should Attend One

Or even:

The Never-Ending Pursuit of Security