Tax season brings phishing threats

IT departments must protect enterprise employees from tax phishing scams as they are being targeted by e-mail, according to Paul Wood, an analyst at Symantec Corp, headquartered in Mountain View, Calif.

Tax-related scams increase in mid-February throughout March. Fourty-eight per cent of malicious mail included tax-related phishing on March 20, this year. The majority of this e-mail claimed to be from the United Kingdom’s tax office, according to Wood.

“It’s certainly a seasonal trend, where in many countries, many people see an increase,”
Wood said.

Phishing scams change to follow the tax period, becoming more prevalent closer to the end of the financial year in April, he said.

“Phishing utilizes timely events to increase the likelihood of catching targets and information; during tax season it’s tax phishing, during election season its election phishing,” said James Quin, an analyst at London, Ont.-based Info-Tech Research Group Inc.

Typically these scams involve legitimate-looking services like telling people of a chance for a rebate, using tax issues to lure employees. The e-mail then might ask for credit card information. A recipient of the phishing e-mail should know it is a scam if it asks for credit card info because the government does not give out rebates in that fashion. These scams usually contain grammatically correct language and legitimate-looking Web sites to con recipients into giving away personal information.

The goal of a phishing scam is to attack individuals, not the enterprise. So it is the employees at risk of being scammed, according to Quin.

“Tax scams, like most broadly targeted phishing attempts, are not focused on enterprises, and therefore have little impact on them,” Quin said.

Most employees in an enterprise are already protected under anti-spam tools and filtering out e-mail containing threats, he said.

“Enterprises do this more for their own protection than the protection of their employees, but the protection is extended to the employee automatically,” Quin said. “If the business is not using some form of spam protection, whether an in-house managed solution or a third-party service, they should consider it immediately.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now