How Scammers Take Advantage of Tax Season

Tax Malware Featured

When it’s time to file your taxes, it can be a mad dash to get everything sorted before the deadline. Unfortunately, this mad dash to get your tax returns filed makes for a prime hunting ground for hackers.

By using the deadline rush they can slip in their scams while people are in a frenzied state, catching them off-guard and getting their malware onto the victim’s computer. But how do scammers take advantage of the tax season, and what can you do as a taxpayer to avoid such an attack?

How Scammers Take Advantage of Tax Season

Tax Malware Hacker

The key to the scammer’s attack is a strain of malware called TrickBot, that works by scanning the computer for banking details and passwords, then uses the information it gathers to steal money. It has to infect computers in order to work, so scammers use the tax season to take advantage of the frantic dash to get TrickBot onto people’s PCs.

They typically do this by creating a spreadsheet file infected with TrickBot. The scammers then grab a domain name that’s similar, but not identical to, a major bank or tax advisor. They use this domain name to send out emails to people, claiming they have important tax information for people to go over before they hand in their tax returns.

Of course, this kind of attack can happen and succeed at any time of the year. The scammer, however, usually picks dates close to the tax deadline in order to prey off of people’s panic. As everyone is going through all of their records, the infected spreadsheet blends in well with all the other paperwork people have to comb through.

Who Is Hit?

Tax Malware Data

Originally, TrickBot used to only get sent to people in businesses and banks, but recently it’s been used to scam cryptocurrency users.

Limor Kessem, a security advisor at IBM, says the following:

“We believe this campaign to be highly targeted in its efforts to infiltrate US organizations, with the hallmarks of the TrickBot Trojan gang. Since it emerged in 2016, we’ve seen that TrickBot’s operators focus their efforts on businesses and, therefore, manage distribution in ways that would look benign to enterprise uses: through booby-trapped productivity files and fake bank websites.

“This is not a threat of the past. Based on our research, not only is TrickBot one of the most prominent organized crime gangs in the bank fraud arena, we also expect to see it maintain its position on the global malware chart, unless it is interrupted by law enforcement in 2019.”

How Do You Avoid These Attacks?

Tax Malware Security

The next time tax season comes around, be extra vigilant about the emails you receive. Double-check every sender’s address to ensure it’s coming from who you think it is. Even then, be sure your antivirus is updated and active so it can catch any infected spreadsheets you may accidentally download.

A Taxing Season

Every time tax season comes around, scammers work to take advantage of the panic to spread their malware and steal information. Now you know about this threat and how to beat it.

Are you usually good with filing your own taxes before the deadline? Let us know below.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox