https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

From the Industry


Tax Season Is Prime Time for Spear Phishers

  • Written by AppRiver Guest Blog 2_3
  • March 28, 2017
You may not love tax season, but spear phishers certainly do: They leverage unencrypted email, poor firewalls, and general social engineering to steal taxpayers’ and organizations’ tax returns in hopes of garnering a refund and/or nonpublic information (NPI). Making matters worse is that these attacks are, in many ways, easier to wage than filing a return.

You may not love tax season, but spear phishers certainly do: They leverage unencrypted email, poor firewalls, and general social engineering to steal taxpayers’ and organizations’ tax returns in hopes of garnering a refund and/or nonpublic information (NPI). Making matters worse is that these attacks are, in many ways, easier to wage than filing a return.

Email should be considered as secure as the server it’s hosted on, which–depending on the server–could be either extremely secure or extremely vulnerable. Normally, a cybercriminal looking to steal some returns will try to hack the server, which is why it’s good practice (and, in some cases, federally or state-mandated) to transmit financial information, including corporate tax returns, via encrypted messaging. If cybercriminals can’t get access to the server, their next best option is to target those who have access, like an IT admin.

January to mid-April is the prime time for criminals to try to convince susceptible employees to hand over private company information, including tax returns, company bank account information, and employee information including healthcare and W-2 files. Many organizations naively believe that this could never happen to them. However, a quick search online can usually show the prevalent dangers of these sorts of attacks. Companies like Snapchat, Seagate, Polycom, Advance Auto Parts, and, yes, even hospitals, schools, and utility companies have all been victims of spear phishing.

At AppRiver, we have seen the spike in phishing traffic already occurring this tax season. The beginning of the year is typically when taxpayers anticipating big refunds rush to have their returns filed, while taxpayers who owe usually procrastinate until the last second. For these reasons we anticipate that phishing traffic will continue to dwindle until the very end of tax season, with perhaps another small push toward the deadline.

So, how do criminals identify a potential target? It’s easy. First, they’ll search for a company on social media sites like Facebook and LinkedIn. Nowadays, it’s more uncommon than not for social media users to list their employment on their social media profiles, or even have a dedicated online resume (on LinkedIn, for example). In a company with more than 50 employees, odds are at least one person from finance has listed his or her employment on a social media account.

After choosing a target, the criminal will either spoof the company’s domain to create an email address that appears to come from a high-level executive, like the CEO, or create a similar one that most employees wouldn’t catch. An example would be using .net instead of .com, or adding an extra letter in the domain.

When an outside criminal crafts an email in such a way that it looks to be internal, some users will trust them without digging deeply enough. And that’s the core component to spear phishing. A criminal doesn’t need to be a hacker or gain access to secure internal systems. If someone can send convincing, legitimate-appearing emails, employees may hand over sensitive information and be none the wiser.

While right now this tactic is used to get W2s, NPI and tax returns, tactics along the same lines are used year-round–for example, using wire transfer fraud emails to dupe employees to wire tens of thousands of dollars from companies’ accounts to dummy accounts set up by the criminals. The FBI refers to these as Business Email Compromise (BEC) messages. The broader interpretation is any external email that claims to be from an internal user (like the CEO) who wants an employee to do something that compromises the integrity of business operations. This is a very dangerous attack vector because of how successful it is. The total damage companies face is in the millions each year.

So how does one avoid spear phishing, wire transfer fraud and BEC year round?

Unfortunately, there’s no panacea when it comes to blocking spear phishing attempts. However, there are some steps an organization can take to combat them:

  • Use encrypted email. It should be company policy that certain bits of sensitive data should always be encrypted when sent via email. Ideally, no such information would ever be sent externally; but, if it was, with this protocol the data would still ideally remain secured and unusable by the third-party.
  • Look at the recipient address when replying. A quick glance to the “To:” address when replying could potentially stop many of the spear phishing attacks. Criminals like to use things like freemail accounts (Outlook, Gmail, Yahoo, etc.) in the “Reply To:” field in a message in when phishing. This is only visible to most users once they go to reply. If they are willing to spend a few dollars, they even register domain names very similar to the victim’s domain.
  • Use two-factor verification. Having a company policy where it’s acceptable to transfer $50k with a single email request is a bit loose with the coffers. It’s best for everyone if there is a second verification in place, such as a quick office visit or phone call. Same with sending around something like all employees W-2 files.
  • Hover over links in messages. Spear phishing attacks sometimes aim just a single email communication to get through to a user, with no back and forth requires. Such an attack might include providing a phishing link looking for an employee’s email login, linking all the information to do a wire transfer for an external site, or even providing a link for an employee to upload sensitive company data. Knowing where you are going online by hovering, as well as glancing at, URLs once you are there is a common security tactic that some people need to follow more closely.
  • Don’t be afraid of your boss. Yeah, this can be a tough one. But some of these spear phishing emails rely on using the CEO name as a strong-arm to get an employee to do something. By writing the text in a way that sounds urgent or demanding, some employees may forgo any set policy and bypass procedures in place to please their boss. After all, they think the CEO is ordering them to. Obviously, questioning every order that comes down isn’t feasible or advisable, but, again, there are certain things like sending W-2s and wire transfers that should have set policies in place where everyone follows them no matter what. It’s better to question all wire transfers than to miss that one and send $20k to some foreign account.
  • Use an email filter. This may be obvious, but many email filters have advanced features and tests that can catch these sorts of attacks that people may not be aware of. At AppRiver, we have an advanced spear phishing test that can look for these types of low-key phishing email tactics and stop them. If you have a filter service that doesn’t have spear phishing features in it, you can even do something like block external email using your domain name in it: Any email using your domain name, but coming from somewhere that’s not your own server, gets blocked. Or you can enable SPF on your own domain and verify that on any incoming messages.

Guest blogs such as this one are published monthly and are part of Talkin’ Cloud’s annual platinum sponsorship.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs From the Industry

Related


  • office 365
    How to Improve First Call Resolution with Microsoft Office 365 Service Tickets
    Here are some tools and strategies for improving the rate of FCR with Office 365 service tickets.
  • SaaS
    Tactics for Selling SaaS Backup
    Here are three ways every MSP can portray the value of SaaS Backup to their customers.
  • Cloud migration
    Cloud Migration Hurdles—and How to Overcome Them
    Cloud migration is hardly a seamless affair, but organizations can effectively leverage the cloud with the right planning and tools.
  • Differentiated service portfolios
    How FortiSOAR Can Help MSSPs Provide Differentiated Service Portfolios
    As the market for threat detection and response grows, FortiSOAR ensures that MSSPs are able to provide differentiated service portfolios to their customers.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 2020: The Year of the Triple
  • 2021 Cybersecurity Predictions
  • Three 2021 Predictions that MSPs Can Bank On
  • The Increasing Importance of Business Resilience and Network Agility

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

Help Your Customers Mitigate Malware: Viruses, Worms, and Trojans…Oh My!

January 15, 2021

SMBs’ Cybersecurity Risk Awareness Is Rising

January 13, 2021

Your Cloud Data Is Protected, But Is It Portable?

January 12, 2021

Webinars

View all

Blueprint for a Scalable MSSP Practice in 2021

January 21, 2021

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@IBMServices snaps up #MSP Taos for #hybridcloud expertise. dlvr.it/RqggQR https://t.co/Fy3uPDtLNw

January 16, 2021
ChannelFutures

.@LenovoBusiness launches its thinnest #ThinkPad to date @CES, revamped ThinkBooks and #ThinkReality glasses.… twitter.com/i/web/status/1…

January 16, 2021
ChannelFutures

Help your customers mitigate #malware @Tech_Data #cryptolocker #antivirus #ransomware #cybersecurity… twitter.com/i/web/status/1…

January 15, 2021
ChannelFutures

Advantages of the Subscription business model for MSPs and IT Resellers @kaspersky dlvr.it/RqgDJn https://t.co/ay694fudp3

January 15, 2021
ChannelFutures

Cloud #distributor @Pax8 launches in UK with leadership team in place. dlvr.it/RqfJWx https://t.co/RsKDCowM5V

January 15, 2021
ChannelFutures

bit.ly/3oO2vFY twitter.com/Craig_Galbrait…

January 15, 2021
ChannelFutures

The Ultimate MSP Guide to Sales Efficiency @zomentum dlvr.it/Rqc63q https://t.co/rHIVLkR01K

January 15, 2021
ChannelFutures

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools dlvr.it/Rqc62k https://t.co/MQDcIYc7G9

January 15, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X