Another Tax Year. A New Email Scam to Watch out For

This time, the threat is not from an African prince but from an email that appears to come from your own CEO or CFO.

The 2016 tax season has again been marked by the expected number of spammy cyberattacks – the bad guys taking advantage of the time of year to target taxpayers by pretending to be the U.S. Internal Revenue Service (IRS). In fact, the IRS reported seeing a 400 percent “…surge in phishing and malware incidents so far this tax season.” In the UK the picture is the same, with warnings issued about the number of spam emails claiming to be from Her Majesty’s Revenue and Customs (HMRC).

The 2016 tax season has been marked again with the new email cyberattacks

But this year things have taken a dangerous turn - we have seen a new attack, known as CEO fraud or whaling, being widely used to target employees within companies specifically. In response to this specific threat, the IRS has given clear warnings to HR and payroll professionals to watch out for it. In the UK, Action Fraud has issued a similar warning and has also seen a marked increase in reports of CEO fraud – 1000 between July 2015 and January 2016.

Mimecast’s research reflects this trend – 67% of the companies we surveyed said that between January and March this year they had seen an increase in whaling emails seeking money, and 43% saw an increase in those seeking data.

And the very bad news is that this attack is working. A large number of organizations have already reported being the victim of attacks in which employees unwittingly leaked confidential information to criminals – information that can be used for serious identity theft – not to mention the financial losses from fraudulent wire transfers.

Now, as other countries enter their tax season, organizations of all sizes (and their employees) can also expect to be targeted by cybercriminals intent on stealing data. Employees who have access to confidential information about customers, the company or fellow employees should be particularly vigilant.

These whaling attacks target named individuals and use email to manipulate employees into sending over confidential information such as tax records or personal data. They often specifically target HR or finance professionals. The attacker pretends to be the CFO, HR director or even the CEO and uses a fake email address to make the approach look authentic, often engaging in several email exchanges to build up trust before making the actual request.

So if you run an HR or finance team (or look after their email), now is the time to be extra careful. Ensure employees understand the threat from whaling, and remind them to check directly with their bosses – not over email, since that channel may itself have been compromised – that the information (or money) they are being asked to share is really the result of a legitimate request.

Now technology can help too. Mimecast has just announced the first technology service to tackle this threat. Our new service, called Impersonation Protect, is designed to stop these attacks: we scan all incoming email and warn employees and the IT team if a message looks like a potential whaling attack.
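As an added illustration of the kind of check such scanning performs (example code written for this post, not Mimecast's own, and a deliberately simple heuristic), the following Python inspects a message's From and Reply-To headers against constructed placeholders for an organization's domain and its protected executives. It flags the three indicators described above: an executive's name arriving from an outside domain, a lookalike of the company domain, and a Reply-To that diverts replies elsewhere.

```python
import re
from email.utils import parseaddr
from typing import Dict, List

# Constructed placeholders: the organization's own domain and the executives
# most likely to be impersonated (a real deployment would load both from the
# directory service).
INTERNAL_DOMAIN = "example.com"
PROTECTED_NAMES: Dict[str, str] = {
    "jane doe": "jane.doe@example.com",   # CEO
    "john roe": "john.roe@example.com",   # CFO
}

def _normalise(name: str) -> str:
    """Lower-case a display name and drop punctuation so 'J. Doe' style
    variants still compare against the protected list."""
    return re.sub(r"[^a-z ]", "", name.lower()).strip()

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(from_header: str, reply_to: str = "") -> List[str]:
    """Return the impersonation indicators found in the headers; an empty
    list means none of the whaling patterns matched."""
    reasons = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # 1. A protected executive's name sent from outside the organization.
    if _normalise(display) in PROTECTED_NAMES and domain != INTERNAL_DOMAIN:
        reasons.append(f"display name '{display}' matches a protected executive "
                       f"but sender domain is '{domain}'")
    # 2. A domain within two edits of ours (typosquat / lookalike).
    if domain != INTERNAL_DOMAIN and 0 < _edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        reasons.append(f"sender domain '{domain}' is a lookalike of '{INTERNAL_DOMAIN}'")
    # 3. Reply-To pointing somewhere other than the visible sender.
    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        if rt_addr.lower() != addr.lower():
            reasons.append(f"Reply-To '{rt_addr}' differs from From '{addr}'")
    return reasons
```

A gateway would typically attach a warning banner or quarantine the message when `check_headers` returns a non-empty list, rather than relying on the employee to notice the address.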

So this tax season, don’t become the victim of a well-architected whaling attack. Up your guard and defenses. But remember that the attackers won’t limit themselves to going after your data just once a year. Make the changes now to your processes, employee security awareness and technology to protect yourself all year round.