A recent CNNMoney report reveals that tax season brings with it a bevy of cybercriminals who look to take advantage of small business owners. This is common, as cybercriminals typically use current events – like the royal wedding in 2011, the Super Bowl and more – to draw in victims.
“Not only do criminals exploit its anxiety and fear factor, but the tax season also gives them the opportunity to generate a variety of social engineering tricks,” Kevin Haley, director of Symantec Security Response, said to CNNMoney.
It is typical for cybercriminals to make their messages to small business owners appear as if they are coming from the IRS. Unwitting owners, then, think they are receiving important information and open messages, leading to data breaches.
“We’re seeing about 100,000 IRS-themed email scams circulating every two weeks in the U.S.,” Alex Watson, director of security research at Websense Security Labs, told the source. “They started in late December and it’s going strong now.”
Small businesses are the ideal target for cybercriminals, because large companies typically have the working capital to protect themselves with sophisticated security measures, while many smaller organizations do not. Additionally, some small businesses may think they’re not on hackers’ radar because of their size, so they may opt to forego cyber security measures.
Small businesses often do not have pockets that are as deep as bigger corporations, but owners who wish to make themselves less vulnerable can seek a business loan from alternative lenders like National Funding, which provide greater ease of access and more flexible terms.
Most dangerous scams
CNNMoney reported that there are three cyberattacks that are especially dangerous: financial Trojans, tax themed phishing scams and IRS disguised ransomware. The former often has an attachment that looks like a spreadsheet or file, but when opened, the Trojan unleashes malware onto the device with which it is opened. Cyberattackers can then steal vital log in and bank account information. They usually include names of popular tax preparation programs like Turbotax, leading business owners to believe they’re legitimate.
Tax themed phishing scams, which are carried out on fraudulent websites or email messages, recently made the IRS’ annual list of “Dirty Dozen” tax scams. They use HTML files to steal personal data and company information, which is then sent to a server that hackers control.
IRS disguised ransomware involves a virus that takes control of a victim’s computer files and threatens to erase them unless they pay – hence its name. These threats typically are sent to victims in an email that appears to have important tax related information.
Safe and secure
One way small businesses can protect themselves against such attacks is to remember one simple thing: The IRS does not request personal or financial information via email. Keeping that in mind and making sure all passwords are strong can be key in keeping small business information safe.
“Be suspicious,” Haley said to CNNMoney. “Scammers are quite good at making emails and links look legitimate. Know that the email ‘from’ the IRS will never be from the IRS.”
