In the U.S., April 18 is Tax Filing Day – But it is also an Unofficial National Phishing Day for the Cybercriminal
The April 18 deadline for submitting individual and company tax returns in the U.S. is a source of stress for procrastinators. It is also one of the milestones of the year, and a virtual goldmine, for the cyberthief.
Millions of individuals and companies will be using technologies like email, online submission forms and Web portals to review and submit their taxes. And millions of cybercriminals will devote the days leading up to tax day to sending out millions of phishing emails to consumers and businesses, trying to grab social security numbers, paycheck stubs, bank accounts, passwords, IDs and other key pieces of personal and professional information with fake web sites and fraudulent emails that pose as official government collection agencies.
The Comodo Threat Research Labs (CTRL) researches, notifies and protects Comodo’s customers from malware and phishing attacks around the globe. We spoke to Mr. Fatih Orhan, Director of Technology for Comodo and CTRL, about tax day and this prevalent and robust phishing trend:
“In this age of sharing and collaborating in an online world, being exposed to phishing is an eventuality for virtually every company, well-known or not. It may not be the most groundbreaking attack method cybercriminals use — but there’s no denying that cybercriminals are becoming more clever when crafting their messages. More frequently, they’re using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and get the information they want.”
“Users should be cautious of any email that requires information or that redirects to a URL Web page — and especially if there is a file download. Comodo is working around the clock to stay ahead of cybercriminals’ next moves by creating innovative solutions that protect and secure endpoints and keep enterprises and IT environments safe.”
Comodo is advising ahead of April 18 Tax Day that phishing campaigns will happen, and businesses and consumers should take the following actions on any tax-related email they receive that looks out of the ordinary (both before and after tax day):
- Check the email address and domain name of the company sending it. While it may appear to be an official email, closer inspection will most likely reveal that the actual email address is not affiliated with the domain name of the company
- Check the URL and domain of the website they’re trying to direct you to. Chances are the URL and domain are also not affiliated with the company they’re purporting to represent
- Check with your IT department before opening or clicking on a link that you deem suspicious
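The first two checks above can be automated for mail that claims to come from a known organization. The following is an added example, not Comodo's code: it parses a message and reports any sender or link domain that does not fall under the expected domain. The sample message, `taxagency.example`, and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Tax Agency Refunds" <refund@taxagency.example.refund-desk.test>
To: user@corp.example
Subject: Action required: confirm your refund
Content-Type: text/html; charset="utf-8"

<p>See our <a href="https://www.taxagency.example/help">help page</a>, then
<a href="http://taxagency.example.login.refund-desk.test/form">confirm here</a>.</p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def affiliated(host, expected):
    # Match on a label boundary so "taxagency.example.evil.test" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def audit_message(raw, expected_domain):
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # ignore the display name
    sender_domain = addr.rpartition("@")[2]
    if not affiliated(sender_domain, expected_domain):
        findings.append(("sender", sender_domain))
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not affiliated(parts.hostname, expected_domain):
            findings.append(("link", parts.hostname))
    return findings

if __name__ == "__main__":
    print(audit_message(SAMPLE, "taxagency.example"))
```

Both flagged domains begin with the expected name, which is why the comparison is made on the end of the hostname and not by substring search.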
For systems administrators and IT directors who want to prevent phishing emails from spreading across their network and endpoints, Comodo suggests these seven security tips:
- Have an endpoint security protection platform in place, particularly one that relies on default-deny architecture
- Use anti-virus, anti-phishing, firewall and containment technologies as part of a layered defense system
- As part of this layered approach to security, have advanced endpoint protection, a Secure Web Gateway, and breach and threat detection systems in place
- Ensure you keep software up-to-date through patching
- Regularly train employees to raise awareness of phishing and other social engineering attacks
- Conduct regular penetration testing to look for vulnerabilities
- Regularly audit firewall and SIEM logs for any anomalies – and ensure the team doing the audit knows what to look for
And whether you’re sitting back awaiting your refund check, or stockpiling energy drinks, coffee and tax extension forms, if you think you or your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact us at Comodo at either: https://enterprise.comodo.com/contact-us/?af=7566 or email@example.com.