How to avoid phishing scams ahead of this year’s tax deadline

April 17, 2023
A senior cyber expert provides 4 best practices for keeping your financial information secure

With the looming April 18th U.S. tax deadline, cybercriminals have sprung into action. For one, a devious Emotet malware phishing campaign has been launched, masquerading as official W-9 tax form emails sent from the Internal Revenue Service (IRS). A malicious group known as Tactical#Octopus is also on the prowl and looking to spread malware through fake file downloads claiming to be related to taxes.

Here are the following best practices for individuals and organizations to adopt to protect themselves from tax scams ahead of the April 18 tax deadline from Steven Spadaccini, VP of Threat Intelligence at SafeGuard Cyber.

1.      Be vigilant when receiving unsolicited emails or attachments and verify the sender's identity before opening or downloading any files. Don't click on links or open attachments in emails from unknown sources, and always double-check the sender's email address and content for any signs of phishing attempts.

2.      Enable macro-blocking in Microsoft Office to prevent macro-based attacks and keep software up to date to prevent exploits from taking advantage of known vulnerabilities. Many campaigns use malicious macros to deliver malware, so it's crucial to block macros by default and only allow them in trusted documents.

3.      Use reputable cybersecurity solutions that can detect and block Emotet and regularly back up important data to prevent data loss from ransomware attacks. Cybersecurity platforms like SafeGuard Cyber can detect and remove malware and other malicious software. Backing up your data ensures that you don't lose important files in case of a ransomware attack.

4.      Educate your employees on identifying and reporting phishing attempts and other suspicious activity to your IT department or local authorities to help prevent future attacks. Regular security awareness training can go a long way in helping employees identify and avoid phishing attacks, suspicious emails, and social engineering tactics.

As the tax deadline looms and security threats like Emotet malware and Tactical#Octopus are active, enterprises must be mindful of potential cybersecurity threats that can arise from workplaces with cloud-based communication tools like Telegram, Line, or WhatsApp. SMS is particularly vulnerable to phishing scams for illicit monetary gain—making it only a matter of time before the next big breach becomes a reality.

By adopting these best practices, individuals and organizations can stay protected from these tax scams. Remember that prevention is always better than cure, and investing in cybersecurity measures and training can go a long way in mitigating the risks associated with these threats.

About the author: Steven Spadaccini, is the VP of Threat Intelligence, SafeGuard Cyber. Steven is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Before joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), DTEX Systems, and several other cyber security startups.