While a savvy small business owner may not be fooled to open up an email about a Nigerian prince … an email about a tax rebate may very well get a click.
Continue Reading Below
Cyber-security firm Symantec says cyber criminals are already using tax season messaging to attack small business owners.
“The bad guys in general are always looking to take advantage of topical subjects, like natural disasters or celebrity deaths,” says Symantec expert Kevin Haley.
And taxes, says Haley, can be a particularly lucrative topic for criminals.
“What makes [tax scams] stronger is that there’s a fear out there, and a strong motivator that something is wrong with your taxes, or you haven’t paid, or you’re about to get fined,” says Haley. “It’s very, very effective.”
Here are three types of scams to be on the lookout for:
No. 1: Financial Trojans
Haley says cybercriminals are sending out emails using the TurboTax name to lure small business owners into opening the letters. Once they open these “Trojan horse” emails and click on the attachment, malware is immediately downloaded that monitors computer browsing.
“So when it sees you’re browsing a bank’s site and you log in, [the malware] gets that log-in and password, and sends it off to the bad guy,” says Haley.
No. 2: Phishing Attacks
Phishing attacks are simpler – but also effective. With this sort of attack, a small business owner might receive an email with a message that says: “In order to get your rebate faster, you need to log in and tell them you’re okay with us transferring money.”
Haley says the cybercriminals then steal bank usernames and passwords, after getting business owners to log in on the fake pages.
“This is also very prevalent in tax season,” says Haley.
No. 3: Ransomware and Cryptolocker
Ransomware and Cryptolocker sound frightening – and they should be. Haley says these attacks lock up computers and prevents users from accessing any files or programs.
“You’ll see a message pretending to be from the FBI or the Department of Homeland Security,” says Haley. The message generally has instructions for how to pay a fine to unlock the computer.
But Haley says even those who pay the fine often don’t get their computers unlocked. And with Cryptolocker– a variation on the Ransomware attacks—computer files are encrypted and can’t be retrieved.
“It makes recovery impossible … it’s an even more frightening twist on this,” says Haley.
And because even the wariest business owners can fall prey to attacks, Haley says the best offense is a good defense.
“It’s really important that people back up small business computers and make sure their data is backed up and saved,” says Haley.