Experts warn of an uptick in phishing attacks against businesses that use Office 365: as tax season begins, tensions run high and opportunities to trick off-guard users will be plentiful.
Cybercriminals want two things to exist when they attack: First, they want a gullible victim who will fall for a scam email. Second, they want either an immediate payoff, or a quick way to gain access to data that will turn into money quickly.
So, the combination of Office 365 users and tax season creates a volatile and dangerous mix for businesses. Phishing scams related to taxes not being filed, unexpected refunds, changes to banking details, or huge tax bills are enough to get unsuspecting users to click on malicious links or attachments. And Office 365 can be the vehicle by which cybercriminals gain further access to endpoints, servers, applications, and data within the corporate network.
According to global data recovery firm Proven Data, during the 2018 tax season there was a significant rise in phishing attacks in which emails disguised as tax-related alerts were sent to trick users into giving up their passwords. The firm recommends organizations consider 4 methods to protect themselves:
- Use Two-Factor Authentication – this step makes it extremely difficult for attackers to leverage stolen credentials.
- Educate Employees – Organizations engaging in Security Awareness Training create a security culture where employees become security-minded when interacting with the web and email.
- Put Checks and Balances in Place – Specifically around any request to change banking details or to issue checks/wire transfers/etc. via email, organizations should have policies in place requiring a phone call before processing the request.
- Have a Response Plan – Knowing what you’ll do should the organization experience a data breach or ransomware attack will help to minimize the damage done.
Users, regardless of their role within the organization, need to be educated on scams like this so they understand the need to be vigilant against external threats. Security Awareness Training educates users on the latest trends in phishing scams, malware, social engineering, and more in an effort to establish a security culture, reducing your organization’s risk of a successful cyberattack. Take the first step now and email firstname.lastname@example.org to get started.