Tax season is one of the peak times of the year for cybercrime. Part of the reason the season can be so lucrative for cybercriminals is because of the increased vulnerability of human targets — many people depend on their tax return to pay bills, and so are easy victims to emails claiming there is a problem with their filing or promising more money if they file with someone else, while professional preparers are stressed out, overworked and trying to process vast amounts of information.
But taxes are not the only thing that make people emotionally and psychologically more vulnerable to scams. Anything that heightens fear and anxiety is a boon to online scammers, which is what makes the current coronavirus pandemic prime time for cybercriminals to try and trick people into giving their money away to the wrong people.
This week, the U.S. Secret Service issued guidance around coronavirus-related phishing scams.
“Cybercriminals are exploiting the coronavirus through the wide distribution of mass emails posing as legitimate medical and or health organizations,” the guidance reads. “In one particular instance, victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment, causing malware to infect their system, or prompting the victim to enter their email login credentials to access the information resulting in harvested login credentials.”
The guidance goes on to note that a rise in teleworking, which the accounting profession is now exploring in full force, increases the risk of cyberattacks that prey on employee anxieties.
“Phishing emails are the easiest method of attack that cybercriminals have,” explained Monique Becenti, product and channel specialist at SiteLock, a website security solutions provider. “Especially with workers in highly affected locations like Seattle and California starting to work remotely, companies should be communicating cybersecurity best practices — don’t click on links; don’t download any attachments. Cybercriminals could also take advantage of remote work by impersonating someone from HR.”
More and more firms are issuing notices to their staff, giving them the option to work from home, with all the support they can provide and no penalization for making this choice. National tax firms are leading the charge, as they are in a time of increased client contact and longer office hours.
AbacusNext, which provides cloud hosting and related tools to professional services firms, has been advising their customers on how to approach going “suddenly virtual.” Some firms are more prepared than others, but even if a firm is less prepared, there are tools they can quickly put in place to lessen the risk of security breaches. Client portals for secure document transfer, for instance, are very useful, as are e-signature tools so that clients don’t have to sign anything in person; and VPN (virtual private network) services, which can be very inexpensive, and allow staff to access firm software platforms securely.
“The CDC has said, we don’t want you to panic, but why not dust off your preparedness plans and review them,” said Nicole Fluty, product manager for AbacusNext’s OfficeTools products. “As a tech provider, we are definitely part of those plans.”
When looking for these tech tools quickly, including VPNs, Becenti advised to Google “best ‘X’ tool,” and look at reviews for the top five or so to make sure you are buying a legitimate service — because another side effect of last-minute planning can be to fall victim to another layer of scams, such as VPN providers that actually steal data.”
“Some VPN services are very cost effective, around $3.99 just for a license monthly,” Becenti said. “Look for one that doesn’t keep any logs; doesn’t affect browsing speeds; has DNS [domain name system] leak protection; and offers 24/7 US-based support.”