Accountants are being warned to be on guard against malicious hackers, as cybercriminals take advantage of the rush to prepare tax returns for clients ahead of the US Tax Day deadline.
Tax Day in the US, which falls on Tuesday April 18 this year, is the day when individual income tax returns are supposed to be submitted to the government.
Inevitably, this is a busy period for accounting firms and bookkeepers who feverishly collect the necessary documents from their clients. And according to A Warning from MicrosoftCybercriminals have also been busy – taking advantage of the looming opportunity to spread malware.
As Microsoft security experts warn, accounting and tax return preparation firms have been targeted in a malware campaign masquerading as an email from a client.
Part of the email reads:
I apologize for not responding sooner; Our personal tax return should be simple and not require much of your time. I believe you will require a copy of our last year’s documents such as W-2s, 1099s, mortgages, interest, contributions, medical investments, HSAs, etc. that I have uploaded below.
The email goes on to share a link where it claims to be able to download a password-protected PDF containing confidential documentation.
Downloading the ZIP archive found in the link, and accessing its contents, on the other hand, initiates the download of additional malicious content, which in turn installs a copy of the Remcos Remote Access Trojan (RAT) – opening a backdoor through which a malicious hacker may gain access to the target’s computer and network.
When Remcos is successfully delivered to a victim’s PC, an attacker can take over the computer to steal data, and move laterally across the organization’s network.
Stolen data may later be used by criminals to gain deeper access into an organization or attack the company’s partners, or simply be offered for sale on the dark web if a ransom is not paid.
It makes sense that all organizations, not just those involved in preparing tax returns for clients, would be careful about handling email attachments and links, especially when they are forwarded alongside unsolicited emails.
Companies need to protect themselves with layered protection, keep their systems up-to-date against vulnerabilities, and follow secure computing practices to reduce the chance of becoming a victim of an attack.
Editor’s Note: The views expressed in this author’s article are solely those of the contributor and do not necessarily reflect those of Tripwire.
