The following article was published in today’s Seacoast Sunday.
There are two new scams making their way around email and they worth knowing about. The first targets tax preparers, as tax season gets into full swing. The second targets users of Google’s Gmail free and paid email services.
Tax scams were in the news quite a bit last tax season. Those scams targeted taxpayers. This year’s scam takes a new path, targeting tax preparers. If you are a tax preparer, read on. If you use a tax preparer, consider warning them about this scam. Here’s how it works.
A hacker will send an email to a tax preparer, posing as a potential client seeking tax preparation services. If the tax preparer responds to this email, the hacker has a live fish on the hook. They will then send you a response with links or attachments that will contain malware. They may go nowhere or contain no information, but by clicking on them, the tax preparer will have malware installed on their computer.
Once this happens, the tax preparers computer network is now penetrated. The hackers may have unrestricted access to the tax preparers’ network or they may have installed a key logger on to the computer, thereby allowing the hacker to see everything that is typed on that computer. Just imagine the wealth of personal information that would be exposed if a hacker was able to see everything that is keyed into a typical tax return form. Hackers may use this information to file false tax returns, steal a person’s identity, open new credit accounts and more.
If you’re in the tax preparation business, you should never exchange tax-related information via insecure email. Be sure you use a secured file transfer system or encrypted email. You should initiate the electronic exchange, not the other way around. Most of this is common sense, but in this busiest time of year, it’s easy to fall prey to scams like this, so be on the lookout and when in doubt, call your prospect or client on the phone to confirm what they have sent before you open it.
The second scam is a fairly sophisticated attack on Gmail users. You receive an email that appears to come from someone you know and includes an attachment that looks legitimate. Normally, when you click an attachment in the web browser interface for Gmail, it will preview the file in the window. They key with this scam is that it pops a new window asking you to login to Gmail in order to view the attachment.
This login window looks nearly identical to Google’s login page and even the URL appears to be a Google URL at accounts.google.com. However, it’s not. This login prompt is the hacker’s creation and it captures your email address and password. At this point, the hacker has control of your email account and can reset the password to lock you out. Another complication with this hack is that accounts.google.com is a legitimate URL. However, it should only be in the format of https://accounts.google.com. If you see anything suspicious in the URL, close it out. This particular hack inserts data:text/html in front of the URL, but it’s hard to catch on the fly. This is why even security conscious users are reporting being tricked by this one.
Even if they do not lock you out, which they may not do initially, they now have access to your entire mailbox. They scan your folders looking for messages with useful information, like access to other online systems. They can then use the forgotten username and/or password features on most websites to reset your credentials, now that they have access to your email. From there, the damage may be extensive.
Google is said to be aware of this scam and working to update their defenses to defeat it. No timeline has been given, so you need to be vigilant. A good rule to work by is that anytime you open what you think should be a legitimate attachment, if it asks you to login, that’s a big red flag. Immediately change your password and take all the available options offered to secure your account.
As always, if anything just doesn’t seem right, play it safe and delete the message or don’t open it until you can contact the sender and confirm if they actually sent you a message. It’s an extra step, but if could be your best protection against a hack that could cause you years of problems. Stay safe online!