Tax Season Attacks – Part 2, Phishing
Tax season is officially upon us, and it brings with it a host of scams against taxpayers. In this blog series we explore three specific attacks: phishing, shoulder surfing and dumpster diving. Read part one for a high-level synopsis of each type of attack.
In this post we examine phishing scams featuring attackers trying to impersonate the Internal Revenue Service (IRS).
The tax season brings phishing emails crafted specifically to attract those who file their taxes online. Phishing scammers send emails claiming to be from either the IRS or well-known tax preparation companies, offering links as click bait. These links lead to attacker-controlled websites that ask for personal information and filing status, or that ask the visitor to order transcripts or verify PIN information. The IRS has renewed its consumer alert for email-related schemes after seeing a 400 percent surge in malware and phishing attacks this tax season.
The IRS does not initiate conversations by email due to disclosure requirements. This is true in all situations – for tax returns as well as for audits. Attackers gamble that targets do not know this about the IRS, and create legitimate-looking emails and web pages, using IRS marks and terminology, in order to entice targets to enter personally identifying information as well as financial information.
User awareness is paramount for preventing tax phishing attacks. User education is a process, and seminars or informational documents for security awareness that are released near tax season should provide information specifically targeted toward tax-related scams. Tax-themed phishing scams are common. You should be aware that the IRS does not initiate communications via email, and that it does not email links to websites that directly request payment information. General phishing prevention best practices also apply here, including not clicking on links or downloading any attachments from unknown or suspicious emails. If you are aware of what to look out for, you will be less likely to fall for something specific that you know to be a scam. In addition, employers should educate users on internal procedures for reporting phishing scams, in case attackers target employees at their business addresses.
In addition to user awareness, technical protections against phishing and malware can also help thwart tax-related scams. You should always use security software with firewall and anti-virus protections enabled and updated when filing your taxes. You should only prepare taxes on machines on which the operating system and all end-user software have been fully patched. In case a phishing attacker attaches a malicious document or includes an exploit on a destination website, these measures can mitigate the damage.
From a corporate perspective, content filtering can help prevent employees from being attacked by tax scammers at work. Consider a policy of default-deny for all unknown web domains. Many phishing domains are new and untested from the perspective of content filtering solutions, so under this policy access to them is blocked before users have a chance to surrender their personal information to attackers.
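The default-deny decision described above, sketched as an added example (not code from the original post or from any filtering product). The allowlist, the `decide` function and all lookalike hostnames are constructed for illustration; the point is that matching must be done on the parsed hostname and on whole DNS labels, so that look-alike names fall through to deny.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): a real deployment would load the
# organisation's approved or vendor-categorized domains instead.
ALLOWED_DOMAINS = {"irs.gov", "example.com"}


def decide(url, allowed=ALLOWED_DOMAINS):
    """Return "allow" only for http(s) URLs whose host is an allowed
    domain or a subdomain of one; everything else is denied by default."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # strips userinfo and port, lower-cases
    except ValueError:
        return "deny"  # unparseable input is unknown, so it is denied
    if parts.scheme not in ("http", "https") or not host:
        return "deny"
    labels = host.rstrip(".").split(".")
    # Test every suffix made of whole labels. A plain substring or
    # endswith() check would wrongly accept "notirs.gov" or
    # "irs.gov.refund-status.example" as matches for "irs.gov".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in allowed:
            return "allow"
    return "deny"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from real campaigns.
    samples = [
        "https://www.irs.gov/refunds",
        "https://irs.gov.refund-status.example/login",
        "https://notirs.gov/",
        "http://irs.gov@tax-refund.example/",
        "https://brand-new-domain.example/verify-pin",
    ]
    for url in samples:
        print(f"{decide(url):5}  {url}")
```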
Continue to part three: shoulder surfing.
July 21, 2015