Tax Season Attacks That Target Small Business

by | Mar 4, 2020 | Best Practices

2 min read

It’s time to file your taxes again—a headache, we know. But do you know what’s even more of a headache? Dealing with the fallout from a cyberattack.

According to Proofpoint, if you have “tax” in your domain name, you are already a target for tax season. What’s more surprising is the fact that financial firms and construction industries are also being targeted disproportionately, proving that attackers will target anyone.

Small and medium sized business are particularly vulnerable when targeted. Why? Because of their size, they have smaller IT departments than larger companies. As a result, their IT capabilities can be severely limited—especially as far as security is concerned.

Attackers see this weakness as an invitation. Therefore, it behooves managers of companies like this to stay informed of the types of attacks their employees and infrastructure could be exposed to.

Proofpoint lists two main categories of attacks they have identified so far this tax season: email scams and tax-themed website compromise.

Email scams fall under the category of phishing attacks, which in turn fall under the broader category of social engineering attacks. These kinds of attacks use human interaction to compromise sensitive business or personal information, often by tricking the target. Phishing attempts to do this using emails or phony websites posing as legitimate, trusted institutions or individuals. We recently wrote a blog that teaches you how to identify phishing emails.

Social engineering tactics are only getting better, and they can be particularly persuasive during tax season. Email subject lines (“Important adjustments for form 1099”), file attachment names (“”), and message bodies (“Please check the attached form for errors and let me know if there are any mistakes”) only need to trick you for a few seconds to do serious damage.

Besides malicious links that send you to phony websites, email scams can include attachments—even familiar, friendly files like Word docs—to get you to download malware. In the case of Word docs, beware the sender demanding you “Enable Content” in the document. This is how they get you to run macros on your device that give them control.

Attackers compromise the websites of legitimate tax firms by targeting sites with out-of-date content management installations (like WordPress). They can take advantage of vulnerabilities that allow them to change a site’s HTML. The compromised website code will attempt to download malware onto the user’s system.

Proofpoint offers two pieces of advice. First, you should treat all tax-themed attachments as potentially malicious. This applies especially when the sender claims to be from the IRS. The IRS will never initiate contact over email. Verify with the sender before opening attachments. Second, for small tax firms, Proofpoint says to prioritize website security, relying on a third party to host/update it on your behalf if you lack the resources.


Recent Posts

Let's Talk

You have questions.
We love to listen.

Customer Support

Need help?
Your help desk is ready.

Plan a Visit

32 Franklin Street, Suite 500
Worcester, MA 01608