Accountants are being warned by malicious hackers to be careful. That’s because cybercriminals are taking advantage of the rush to prepare their clients’ tax returns before the US tax day deadline.
Tax Day in the United States, which falls on Tuesday, April 18th this year, is the day you file your personal income tax return with the government.
Inevitably, it’s a busy time for accounting firms and bookkeepers who are diligently collecting required documents from their clients. And, according to Warning from Microsoftcybercriminals are also busy, taking advantage of pressing deadlines to spread malware.
As security experts at Microsoft warn, accounting and tax preparation firms have been targeted with malware campaigns disguised as emails from customers.
Here is part of the email:
I apologize for not being able to reply sooner. Our personal tax returns should be simple and shouldn’t take much time. W-2, 1099, Mortgage, Interest, Donations, Medical Investments, HSA etc. Latest documents I have uploaded below. I think you will need a copy of
Emails continue to share links claiming to download password-protected PDFs containing sensitive documents.
However, when you download the ZIP archive found in the link and access its contents, it starts downloading more malicious content and installs a copy of the Remcos Remote Access Trojan (RAT), potentially allowing malicious hackers. A backdoor is opened that can be exploited. Gain access to target computers and networks.
Once Remcos is delivered to the victim’s PC, the attacker can take control of the computer, steal data, and move laterally throughout the organization’s network.
The stolen data can later be exploited by criminals to gain access deep into the organization, attack company partners, or be sold on the dark web if the ransom is not paid. .
It makes sense that all organizations, not just those involved in preparing tax returns for their clients, should be very careful with email attachments and links. Especially when delivered with spam.
Businesses must protect themselves with defense-in-depth, patch their systems for vulnerabilities, and follow safe computing practices to reduce their chances of falling victim to attacks.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
