Security firm KnowBe4 has issued a timely warning for tax preparers. As the tax season ramps into full swing, enterprising hackers are targeting tax preparers. While this is not necessarily new, it’s starting up early and it’s evolving.
The hacker may start with an email to a preparer, posing as a potential client, looking for tax preparation services. Don’t respond to these unsolicited messages. That’s exactly what the hacker wants and they will send you a response, including links or attachments containing malware. This is a textbook social engineering attack, designed to get you, the preparer, to open their message and install their malware onto your computer. You know where this is going now…
Now the hacker may have unfettered access to a tax preparers computer. They can use this access to send email to actual clients, asking them for sensitive tax information. They could also use the tax preparers computer to compromise the preparers network and the sensitive data that’s there or hosted elsewhere.
The information the hackers may be able to obtain could be used to file false tax returns, among other things. Last year, we saw an alarming increase in the number of false tax returns filed. Don’t compromise your business. Do not exchange tax information via unencrypted, open email. Be sure you know who you are communicating with, at all times. Play it safe. When in doubt, pick up the phone and verify the sender actually sent you the email. If they included unencrypted sensitive information, advise them they may now be at risk and they should take steps to protect their potentially exposed information.
For a list of known tax scams tracked by the IRS, check the following web site: