March 12, 2020
If you’re an accountant or tax professional, you know that tax season is also scam season and that you’re a prime target.
Cybercriminals are using new, sophisticated scams that can compromise your website or infiltrate your systems with remote desktop software. These join the more traditional email-based attacks that trick you into installing malware that steals your credentials or takes charge of your systems. There are, however, precautionary measures you can take to protect your business and clients during this important time.
Attacks include taking control of small-business websites that run out-of-date content management programs (like WordPress) and using them to distribute malware to website visitors. Other scams seen this year feature tailored emails with malicious attachments. Cybercriminals use stolen or purchased data to make the emails more believable. Scammers may pose as someone you already know, making you believe the attachment is one you have requested. When you click on the macro-enabled Word document, TeamViewer installs. Attackers frequently abuse this legitimate remote control application because it often goes undetected by malware protections. TeamViewer gives attackers access to sensitive information used for tax preparation.
In some cases, harmful attachments have tax-related names including “W2,” “W4,” or “1099 forms.” In other instances, the email copy includes phrases designed to make you take notice of “important changes” or “important adjustments” to filing deadlines and fees. Clicking on these macro-enabled documents will download “The Trick,” a commonly used banking Trojan that steals your clients’ financial credentials and information.
5 ways to protect yourself from scams and cyberthreats
The first step you can take is to treat all tax-themed attachments like potential threats! Never click on attachments without checking the sender’s information and ensuring you have requested the document. You should also update out-of-date websites and increase security to avoid attacks.
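For whoever manages your mail, one way to automate that first check: the sketch below reads a saved email and flags attachments that carry macros or use the tax-themed names mentioned above. It is an added example, not Castra's tooling; the name pattern, the macro heuristic, the function names and the sample message are all assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure names taken from the article (W2, W4, 1099); the pattern itself is an assumption.
TAX_NAME = re.compile(r"(?<![a-z0-9])w-?[24](?![0-9])|1099", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def has_macros(data: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA project?"""
    if data.startswith(OLE_MAGIC):  # stream names are stored as UTF-16LE
        return "_VBA_PROJECT".encode("utf-16-le") in data
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:  # .docm/.xlsm are zip files
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> list:
    """Return one finding per attachment that deserves a second look."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        macros, tax = has_macros(data), bool(TAX_NAME.search(name))
        if macros or tax:
            findings.append({"file": name, "from": str(msg["From"]),
                             "macros": macros, "tax_themed": tax})
    return findings


def build_sample() -> bytes:
    """Constructed sample: a harmless zip shaped like a macro-enabled .docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"] = "client@example.com"
    msg.set_content("Important changes to your filing, see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="W2_2019.docm")
    return msg.as_bytes()

print(triage(build_sample()))
```

A finding is a prompt to confirm with the sender through a separate channel before opening the file, not proof that the attachment is malicious.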
Here are five additional tips Castra recommends:
- Understand your vulnerabilities – Keep up-to-date on business technology and how it impacts your company. What types of data do you use, and where is your data stored? Knowing what your “crown jewels” are and where they’re kept will help you protect them.
- Put someone in charge – As a sole proprietor or small business, you’re accountable for data security, and if you’re not up to the task, you should hire a vendor or consultant who is.
- Manage your updates and firewalls – Keeping up with the latest updates and patches is difficult, so automate them through your settings menu. And if you haven’t already installed firewalls on your routers and modems, ask your Internet service provider to do it. It’s critical to turn them on and make sure they function properly.
- Use encryption – Encryption guards the gate to your data, preventing access to your entire network. This means that even if scammers steal your passwords, they will only gain access to what your passwords have access to – not your full infrastructure. Make sure your wireless network is also encrypted and create a guest network that won’t allow fraudsters access to your internal systems.
- Enforce password policies – Ensure that employees are not sharing passwords and utilize a password manager for key systems with sensitive information. This can help to ensure that employees are using strong passwords and different passwords for each account. While you may opt to enforce strict password rules on every piece of software you use, utilizing a password manager is easier. The program automatically generates strong, unique passwords for every user’s account and allows for easy management. Additionally, it allows you to easily delete accounts no longer in use.
Safeguarding against potential threats can be a daunting challenge. As always, Castra is here to help. Reach out today to see how we can keep your business and data secure.