Barracuda identifies new tax return scam
Tax season is coming to an end, but tax-related scams are not slowing down. In fact, sometimes tax fraud can be even more successful after tax day.
The Barracuda Email Threat Scanner scans and analyses thousands of corporate mailboxes daily across the world, giving us a view into targeted phishing attacks.
As companies and individuals rushed to meet the tax return deadline, we saw a significant number of threats go above and beyond the typical seasonal spam we’d expect.
We identified one particular attack that was extremely well targeted and sophisticated.
Hackers used multiple techniques to trick people into sending the tax forms, with devastating consequences. Victim organisations had to inform their employees, contractors, and students that they had failed to protect their most sensitive information. What’s more, the theft is often followed by additional attempts at identity theft.
How does the attack work?
- Research: The attacker identifies two employees of the company: one with access to the tax forms (e.g. HR administrator), and another whom the attacker will impersonate – typically someone in senior management who will sometimes have a need to access tax documents.
- Social engineering: The attacker creates an email that looks legitimate. For an especially attractive target, the attacker might begin the attack by calling the company and impersonating someone on the phone.
- Impersonation: The attacker uses typo-squatting and other methods to trick the recipient into believing that there is a legitimate need for the forms, even though the tax deadline has passed. When the recipient receives this email, it will include an urgent request for the documents to be forwarded.
- Black Market Sales: Once the documents have been captured, the attacker will parse the information and sell the valuable data, primarily the SSNs, on the black market. In 2016, account-monitoring company LogDog reported that Social Security credentials fetch approximately $1 each on the black market.
Although we have passed the tax deadline, you can expect these attacks to continue. Employees who handle sensitive tax documents are expecting fraud and data theft during the tax season. They aren’t necessarily expecting it after the returns have been submitted. Many become less vigilant when a deadline has passed, and they are more easily tricked into participating in a scam like this. Look for new reasons for sending the tax forms such as:
- Accounting firm lost the tax forms
- The company is preparing for an audit
- The manager wants to send the forms to central storage for safe-keeping
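As an added illustration (not Barracuda's code and not part of the original article), the sketch below scores a message for the signals described above: a typo-squatted sender domain, a senior manager's display name on an external address, a request for tax forms, and the post-deadline pretexts listed. The domain `example.com`, the executive name, the keyword lists and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"      # assumption: the organisation's real mail domain
EXECUTIVES = {"jane doe"}       # assumption: senior managers likely to be impersonated
TAX_TERMS = re.compile(r"\btax (forms?|documents?|returns?)\b", re.I)
PRETEXTS = re.compile(r"\b(urgent(ly)?|audit|lost|central storage|safe-?keeping)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_message(raw):
    """Return the list of warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    external = domain != ORG_DOMAIN
    reasons = []
    if external and edit_distance(domain, ORG_DOMAIN) <= 2:
        reasons.append("lookalike-domain")
    if external and name.lower() in EXECUTIVES:
        reasons.append("executive-name-external-sender")
    if TAX_TERMS.search(text):
        reasons.append("tax-form-request")
    if PRETEXTS.search(text):
        reasons.append("pretext-or-urgency")
    return reasons

def is_suspicious(raw):
    """Hold for review: a tax-form request combined with a sender-identity signal."""
    r = score_message(raw)
    return "tax-form-request" in r and any(
        s in r for s in ("lookalike-domain", "executive-name-external-sender"))

# Constructed sample messages (not taken from real traffic).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\nTo: hr@example.com\n"
           "Subject: Urgent: tax forms needed\n\n"
           "Our accounting firm lost the tax forms. Please forward them today.\n")
INTERNAL = ("From: Jane Doe <jane.doe@example.com>\nTo: hr@example.com\n"
            "Subject: Tax forms filed\n\nAll tax forms were submitted on time.\n")
```

A rule like this only catches external lookalike senders; a request sent from a genuinely compromised internal mailbox would need out-of-band verification with the supposed requester.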
To find out more, including how to avoid becoming the attack’s next victim, visit the Barracuda blog here: http://blog.barracuda.com/2017/04/26/threat-spotlight-w-2-phishing-scam/