With April’s U.S. tax deadline, cybercriminals have sprung into action. For one, a devious Emotet malware phishing campaign has been launched, masquerading as official W-9 tax form emails sent from the Internal Revenue Service (IRS). A malicious group known as Tactical#Octopus is also on the prowl and looking to spread malware through fake file downloads claiming to be related to taxes.
Here are the following best practices for individuals and organizations to adopt to protect themselves from tax scams ahead of the the U.S. tax deadline from Steven Spadaccini, VP of Threat Intelligence at SafeGuard Cyber.
- Be vigilant when receiving unsolicited emails or attachments and verify the sender’s identity before opening or downloading any files. Don’t click on links or open attachments in emails from unknown sources, and always double-check the sender’s email address and content for any signs of phishing attempts.
- Enable macro-blocking in Microsoft Office to prevent macro-based attacks and keep software up to date to prevent exploits from taking advantage of known vulnerabilities. Many campaigns use malicious macros to deliver malware, so it’s crucial to block macros by default and only allow them in trusted documents.
- Use reputable cybersecurity solutions that can detect and block Emotet and regularly backup important data to prevent data loss from ransomware attacks. Cybersecurity platforms like SafeGuard Cyber can detect and remove malware and other malicious software. Backing up your data ensures that you don’t lose important files in case of a ransomware attack.
- Educate your employees on how to identify and report phishing attempts and other suspicious activity to your IT department or local authorities to help prevent future attacks. Regular security awareness training can go a long way in helping employees identify and avoid phishing attacks, suspicious emails and social engineering tactics.
As the tax season looms and security threats like Emotet malware and Tactical#Octopus are active, enterprises must be mindful of potential cybersecurity threats that can arise from workplaces with cloud-based communication tools like Telegram, Line or WhatsApp. SMS is particularly vulnerable to phishing scams for illicit monetary gain—making it only a matter of time before the next big breach becomes reality.
By adopting these best practices, individuals and organizations can stay protected from these tax scams. Remember that prevention is always better than cure, and investing in cybersecurity measures and training can go a long way in mitigating the risks associated with these threats.
Steven is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Prior to joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), and DTEX Systems as well as several other cyber security startups.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply