If you have anything to do with the finances of a small business–from writing checks to simple bookkeeping to the management of a sophisticated financial department–you need to be aware that tax-season scams targeting you are becoming more-and-more sophisticated and are being carried out by larger and larger criminal syndicates. Small businesses are an especially enticing target because a successfully breached company can compromise the security of information related to both the business and its employees.
According to Brian Burch, vice president of consumer and small business at the computer security and backup company, Symantec, there are three types of organized crime-backed scams the company has already seen, or expects to see, during the weeks leading up to April 15 (in the U.S.)
Already seen this year is a variant of an infamous financial Trojanware Zeus – known as Citadel – that criminals use to steal financial credentials. Criminals are masking such trojans with email that appears to be related to TurboTax to target victims. Never download anything from such an email.
Tax-season phishing scams.
As with the trojanware, beware of opening any attached file that has not been fully scanned for are using HTML files that, when opened, reside on the user’s PC and capture personal data before sending it to an attacker-controlled server.
Ransomware trojanware like last year’s Cryptolocker.
While Burch says Symantec has not yet seen a tax season-specific ransomware trojan like last year’s Cryptolocker, he urges small businesses to be especially cautious when opening any email messages sent from an unknown or questionable source throughout the tax season. “Once Cryptolocker gains access to the system, important files on the device become encrypted, and only the cybercriminals can decrypt them.” The criminals demand payment in a digital, untraceable currency. “Whether the ransom is paid or not, the victimized company rarely regains access to their files,” he says.