Tax Fraud via Cybercrime
Do you know how to protect your business from tax fraud? The deadline for filing taxes in the US is April 15. As many businesses and individuals scramble to meet the filing deadline, the cybercriminals are taking advantage of this situation by launching tax-themed spam campaigns. The attackers are deploying TrickBot.
The goal is to infect potential victims with banking trojans to collect as much data as possible specifically account credentials for banking websites. They want your login information. TrickBot is a type of banking malware. Within the newer variants of this malware can steal credentials for Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and PuTTY terminal emulator sessions.
What makes these TrickBot campaigns concerning the level of sophistication. Usually, most attacks are poorly-crafted emails requesting recipients to open a malicious attachment. The sender’s email address is commonly a free webmail address, and the message is crudely written with typos. People still fall for it. In contrast, these newer variants of TrickBot, the campaigners take additional measures to improve their methods in terms of the quality of the message and the brands they chose to portray. Typo-squatting is one of the tools used in the attack which is tricking the eye to see the correct domain by using similar-looking domain names. In other word, even the most most careful user can be tricked.
For IT professionals and businesses, here are some tips to avoid the damage of malware for tax fraud:
- Disable macros by default in MS Office documents.
- Block URL and IP-based indicators of compromise at the firewall, IDS, web gateways, routers or other perimeter-based devices.
- Keep antivirus updated and make sure your current vendor has coverage for banking Trojans such as TrickBot.
- Search for existing indications of the designated IOCs in your environment and email systems.
- Keep all critical and non-critical systems up-to-date and patches applied.
- Report suspected tax scams to the IRS at firstname.lastname@example.org.
As a business if you are not sure how to use the above tips, it maybe a good time to have a conversation with your IT vendor to prevent tax fraud.
Keep your personal information safe by using these tips:
- The US Internal Revenue Service (IRS) will not open contact with taxpayers by email, phone, text messages, or social media channels; snail mail only.
- Do not open unsolicited emails, do not click on links within such emails, or open attachments coming from unknown senders.
- If you receive an email claiming to be from your payroll vendor try logging into the provider’s website directly or call them to confirm its validity.
- Even when you know the sender, be cautious about opening email attachments.
Slowdown and look may help you from falling victim to email-delivered malware campaigns that enable tax fraud.
Need help developing a cyber hygiene program for your business to keep it cybersafe? Contact us today.