Every April, procrastinators hurry to get all of their paperwork together to file their taxes, while accountants also strive to make every minute count. As it turns out, everyone is busy in April, even cybercriminals.
The end of tax season is prime time for fake phishing e-mails asking taxpayers to log in and check the status of an income tax return, messages claiming that updated tax documents have been issued, and even e-mails asserting that there is an error with your tax return.
Each year hundreds of these types of attacks claim their victims by tricking them into providing personal identifiable information (PII) that is later used to perform account takeover fraud. These types of attacks are not new, but they are still used because they remain effective. Links and obfuscated URLs sent through an e-mail are often directing your customers to malware-infested sites or phish kits designed to harvest their credentials. An anti-fraud educational campaign is crucial to help protect your customers from these harmful scams, and the Department of Homeland Security has made a few useful recommendations as well:
- Do not follow links in unsolicited email messages.
- Keep antivirus software up to date.
- Refer to US-CERT's Security Tips on Recognizing and Avoiding Email Scams and Avoiding Social Engineering and Phishing Attacks for additional techniques and recommendations.
Keep in mind, these recommendations are publicly available and easily accessible to fraudsters as well as organizations and end users.
The reality is that simply educating your stakeholders is not enough. Financial institutions have to start going on the offensive, working under the assumption that your customers are targets at all times. By continuously monitoring for scams and phishing kits and phony sites that target your brand and customers, you reduce the likelihood that a large population will be caught in any of these schemes.
Easy Solutions Detect Monitoring Service helps organizations completely remove threats from the Internet. Our customers see these sites removed in an industry-leading average time of 3.6 hours per attack. That means all the work the criminals have put into designing a site that looks like yours, and can fool your customers, suddenly becomes much less cost-effective, if it can only stay up for a few hours, instead of days or weeks.
Two things are certain in life – hackers and taxes. But by changing the economics of these attacks, you can make yourself, and your customers, a much less attractive target for these schemes, making April, and every month, a little less painful.
To learn more about how to monitor your brand and reduce the time phishing attacks can be effective, visit http://www.easysol.net/newweb/Products/detect_monitoring_service