Tax Filing Deadlines And Issue Of Increased Phishing Attempts
As the tax filing deadline is almost upon many taxpayers, the cybercriminal groups have launched their aggressive campaign to capture this potential income stream. Banking trojans that were installed in some computers, most of which remained idle for months are now springing back into the action of monitoring the computers that infected waiting for bank credentials to be entered through the keyboard or some other means. An IBM X-Force security research team, headed by Martin Steigemann disclosed that the campaign against taxpayers through the use of malware is in full swing. Through the use of innocent-looking Microsoft Office document “templates”, trojans such as Trickbot is able to harvest user credentials with ease.
“TrickBot is financial malware that silently infects devices for the primary purpose of stealing valuable data such as banking credentials, and then follows up with wire fraud from the device owner’s account. If your computer is infected with TrickBot, the cybercriminals operating it have complete control and can do just about anything they wish on your device, including spreading to other computers on your network and emptying your company’s bank accounts, potentially costing millions of dollars,” explained Steigemann.
The campaign to spread TrickBot is an external push by the cybercriminal and phishing groups to spread emails that have something to do with payroll, human resources, and accounting data. Users of this information are the most vulnerable, especially if they are not trained enough to detect a deliberately crafted email message that will always look like a genuine email from either payroll, HR or accounting department in a company.
IBM X-Force team is convinced that those spoofed messages were already successful in gaining the trust of users. It is not an uncommon occurrence that tax reminders are sent through email. Cybercriminals also target companies that use 3rd party payroll payment vendors in order to facilitate tax payment, just last March 5, 2019, a nasty phishing campaign was launched in order to target the users of Paychex, a popular payroll payment system.
“Recipients are more likely to expect an email about taxes from their service provider, so attackers can be much more successful if they spoof the names and email addresses of trusted HR services and accounting companies to deliver malware right around tax season. It can often be difficult to assess the intended targets of banking Trojan campaigns and whether they target business or personal email accounts. Having looked at recipient domain names in our spam traps, we can assess that the campaigns target both business and personal email addresses,” added Steigemann.
Users of such systems are highly advised to verify to your HR or payroll team if they indeed emailed a notification about taxation filing. Never trust a random email when it comes to sensitive information, especially if the topic of the conversation has something to do with money. An antivirus in itself will not help prevent infection, it is the end-user of the computer who are the front lines of firms when it comes to cybersecurity defense. Cybercriminals are motivated by profit, hence they continue to phish using authentic-looking messages and infect their potential victims with user credential-stealing malware.
Julia Sowells951 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.