Experts warn of uptick in phishing attacks against businesses leveraging Office 365 as the tax season begins, tensions run high, and opportunities to trick off-guard users will be plenty.
Cybercriminals want two things to exist when they attack: First, they want a gullible victim who will fall for a scam email. Second, they want either an immediate payoff, or a quick way to gain access to data that will turn into money quickly.
So, the combination of Office 365 users and tax season create a volatile and dangerous mix for businesses. Phishing scams related to taxes not being filed, unexpected refunds, changes to banking details, or huge tax bills are sufficient enough to get unsuspecting users to click on malicious links or attachments. And Office 365 can be the vehicle by which cybercriminals gain further access to endpoints, servers, applications, and data within the corporate network.
According to Global data recovery firm, Proven Data, during the 2018 tax season there was a significant rise in phishing attacks where emails disguised as tax-related alerts were sent to trick users into giving up their passwords. They recommend organizations consider 4 methods to protect themselves:
- Use Two-Factor Authentication – this step makes it extremely difficult for attackers to leverage stolen credentials.
- Educate Employees – Organizations engaging in Security Awareness Training create a security culture where employees become security-minded when interacting with the web and email.
- Put Checks and Balances in Place – Specifically around any request to change banking details or to issue checks/wire transfers/etc. via email, organizations should have policies in place requiring a phone call before processing the request.
- Have a Response Plan – Knowing what you’ll do should the organization experience a data breach or ransomware attack will help to minimize the damage done.
Free Phishing Security Test
Find out what percentage of your employees are Phish-prone™
Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here's how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: