As tax season approaches us, so do cybercriminals. The time when we stress most about money and financial situations and now we have to take into consideration potential scammers attacking us, small businesses in particular.
Cybercrooks often use current events to disguise their attacks, said Kevin Haley, director of Symantec Security Response.
“Not only do criminals exploit its anxiety and fear factor, but the tax season also gives them the opportunity to generate a variety of social engineering tricks,” Haley said.
These typically take the form of (fraudulent) tax-themed messages from the IRS that are actually phishing scams and ransomware.
Small businesses are targeted more than large firms because they’re more vulnerable and the schemes are more lucrative.
“Large companies are better protected,” said Haley. “Cybercriminals know that smaller firms are more lax with their security and probably keep more money in their bank accounts.”
Alex Watson, director of security research at Websense Security Labs, said his firm has tracked a sharp increase in tax-related cyberscams this year against businesses.
“We’re seeing about 100,000 IRS-themed email scams circulating every two weeks in the U.S.,” said Watson. “They started in late December and it’s going strong now.”
Here are the three most dangerous cyberattacks:
Financial Trojans: This type of attack uses names of popular tax-prep programs like Turbotax. Haley said targets receive an email with an attachment disguised as an important tax document from Turbotax.
“In most cases, the attachment looks like a spreadsheet or a document file,” he said.
If you open it, it launches malware on to your computer or phone. Once it’s installed, the malware allows scammers to steal login information and bank account credentials.
Tax-themed phishing scams: Haley said these scams use HTML files that capture personal data and company information and then send it to a server controlled by the cybercrooks.
In its annual list of “Dirty Dozen” tax scams, the IRS highlighted this particular attack, which is carried out through a fraudulent email or website.
The IRS emphasized that it never uses email to request personal or financial information.
IRS-disguised ramsonware: This attack mimics a Cryptolocker threat, meaning the virus seizes control of your computer files and threatens to erase them unless you pay a ransom.
During tax season, Haley said the Cryptolocker virus is disguised in an email that purports to have important tax-related information.
“This is a particularly vicious attack,” he said. “It will not only lock your personal files but also encrypt them and hold them for ransom.”
Some businesses feel they have no choice but to pay, he said.
Want to outsmart the cybercriminals? Regularly back up important files or encrypt sensitive data, Haley said.
There are other steps small businesses can take to protect themselves from cyberscams.
Good security software is a must, said Haley, as is password protection. Just don’t use the same password everywhere! Also, be very careful about clicking on links in an email.
Finally: “Be suspicious,” Haley said. “Scammers are quite good at making emails and links look legitimate. Know that the email ‘from’ the IRS will never be from the IRS.”
Now, we want to hear from you! Would like to share your opinion or make a comment on the Unlock Your Wealth Radio Show? If so, then please leave your comment or questions in the space provided below and share this article with your friends and family on Facebook and Twitter. Your comments or question could be chosen as our featured Money Question Monday and a phone call by financial expert Heather Wagenhals could dial your way to be live on the Unlock Your Wealth Radio Show.
Original article courtesy of money.cnn.com.