Cybercriminals are using new, sophisticated scams that can compromise your website or infiltrate your systems with remote desktop software. These join the more traditional email-based attacks that trick you into installing malware that steals your credentials or takes charge of your systems. There are, however, precautionary measures you can take to protect your business and clients during this important time.
Attacks include taking control of small-business websites with out-of-date content management programs (like WordPress) and using them to distribute malware to website visitors. Other scams seen this year feature tailored emails with malicious attachments. Cybercriminals use stolen or purchased data to make the emails more believable. Scammers may pose as someone you already know, making you believe the attachment is one you have requested. When you click on the macros-enabled Word document, TeamViewer installs. Attackers frequently abuse this legitimate remote control application because it often goes undetected by malware protections. TeamViewer allows attackers access to sensitive information used for tax preparation.
In some cases, harmful attachments have tax-related names including "W2," "W4," or "1099 forms." In other instances, the email copy includes phrases designed to make you take notice of "important changes" or "important adjustments" to filing deadlines and fees. Clicking on these macros-enabled documents will download "The Trick," a commonly used banking Trojan that steals your clients' financial credentials and information.
The first step you can take is to treat all tax-themed attachments like potential threats! Never click on attachments without checking the sender' information and ensuring you have requested the document. You should also update out-of-date websites and increase security to avoid attacks.
Safeguarding against potential threats can be a daunting challenge. As always, Lumifi is here to help. Reach out today to see how we can keep your business and data secure.
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.