Tax season is in full swing at enterprises. Security teams know that cybercriminals are up to their tax-scam tricks, too, often in search of a company's weakest link: its employees.
"These scams are so widespread because they work and it's easy money for cybercriminals," says Joseph Carson, chief security scientist at Thycotic. "If you have a large target list at a company and many of the victims are unable to tell the difference between a scam and authentic notices, then even if a small number of people fall for such a scam, it's still extremely profitable for the cybercriminals."
Indeed, tax scams are a significant enterprise risk, not only for dollars lost but in terms of stolen credentials that provide criminals with initial access into a company's network environment, says Rick Holland, chief information security officer and vice president of strategy at Digital Shadows.
"[Just] when you thought the pandemic didn't provide fraudsters with enough phishing lure options, US tax season now comes along," Holland says. "This year's tax fraud season even gets an extension, as 29 million Texas residents and business owners have had their filing deadlines extended to June because of February's winter storm."
The best offense, as any security pro worth their weight very well knows, is to have a good defense. The following tips can keep enterprises and their employees on their security toes as April 15 nears.