CPAs targeted with new phishing attack amidst the rush of tax season
CPAs targeted with new phishing attack amidst the rush of tax season

Microsoft has recently warned of a new phishing campaign aimed at accounting firms and tax preparers. This new scam employs a type of malware called Remcos that allows hackers initial access to corporate networks. With tax season coming to a close, cybercriminals are taking advantage of the increased workload on accountants, hoping to trick them into opening malicious files they would typically avoid when less busy.

The phishing campaign begins with emails that appear to be from clients, sending necessary documents to complete their tax returns. Threat actors design these emails to be convincing, hoping tax preparers will unwittingly click on the included links or attachments.

The phishing campaign begins with emails

Source: Microsoft

However, these links lead to file-hosting sites that download a ZIP archive, containing files that mimic various tax forms, but in reality, are Windows shortcuts.

The malware called Remcos is a remote access trojanThe malware called Remcos is a remote access trojan

Source Microsoft

The malware called Remcos is a remote access trojan. Once clicked and deployed on a device, the attackers can move further through the network, stealing data, and deploying additional malware on other devices connected to the network.

As accountants hold highly sensitive data for individuals and corporations, a data breach in this type of organization could significantly harm a large group of people. This makes it essential for accountants and tax preparers to be aware of the risks of phishing attacks and take appropriate steps to protect their networks and data.

To avoid falling victim to phishing campaigns, it is crucial to exercise caution when opening emails and clicking on links. You should only click on links or download attachments from trusted sources and avoid emails that ask you to provide personal or financial information, even if they appear to be from a legitimate source.

Businesses must remain vigilant in the face of cyber threats and ensure that their employees are aware of the risks and the best practices for staying safe online. This includes having robust security measures in place, such as anti-virus software, firewalls, and encryption, as well as regularly training staff on the latest threats and how to avoid them.

Ultimately, by taking proactive steps to protect their networks and data, businesses can reduce the risk of a devastating cyber attack. It’s essential to remember that cyber threats are a serious concern for all organizations, particularly those that hold sensitive data. Therefore, it is critical to remain vigilant and aware of the risks and take appropriate action to stay safe online.

With over 25 years of experience, we at Motiva Networks can help you plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Or you can schedule a quick 10-minute call to discuss the best options for your Agency or small business, or go over any questions you might have HERE. 

Walter-Contreras