Accountants are being warned to be on their guard from malicious hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day.
US Tax Day, which falls on Tuesday April 18 this year, is the day on which income tax returns for individuals are due to be submitted to the government.
Inevitably it’s a busy time for accounting firms and bookkeepers who are feverishly collecting necessary documents from their clients. And, according to a warning from Microsoft, cybercriminals have also been busy – taking advantage are taking advantage of the impending deadline to spread malware.
As security experts at Microsoft warn, accounting and tax return preparation firms have been targeted in a malware campaign that disguises itself as an email from a client.
Part of the email reads:
I apologize for not responding sooner; our individual tax return should be simple and not require much of your time. I believe you would require a copy of our most recent year’s documents, such as W-2s, 1099s, mortgages, interest, donations, medical investments, HSAs, and so on which I have uploaded below.
The email continues to share a link where it claims a password-protected PDF can be downloaded containing confidential documentation.
Downloading the ZIP archive found at the link, and accessing its contents, however, initiates the download of further malicious content, which in turn installs a copy of the Remcos Remote Access Trojan (RAT) – opening a backdoor through which a malicious hacker can potentially gain access to the target’s computer and network.
With Remcos successfully delivered to the victim’s PC, an attacker could seize control of the computer to steal data, and move laterally throughout the organisation’s network.
Stolen data could later be exploited by the criminals to gain access deeper into an organisation or attack the company’s partners, or simply be offered for sale on the dark web if a ransom is not paid.
It makes sense for all organisations, not just those involved in preparing tax returns for clients, to take great care when handling email attachments and links, especially when delivered alongside unsolicited emails.
Companies should protect themselves with a layered defence, keep their systems patched against vulnerabilities, and follow safe computing practices to reduce the chances of becoming the victim of an attack.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
