Microsoft: Phishing attack targets accountants as Tax Day approaches
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. [...]
Tax rules shape how organizations protect financial records, manage sensitive identity data, and meet legal duties for cybersecurity and reporting.
Search across headline titles and summaries.
Background for this topic.
Tax is a compulsory payment to a government, calculated under rules that may apply to individuals, businesses, property, transactions, or income. Tax administration depends on records such as identity details, bank-account information, income data, payroll records, and business financial information. Tax agencies, employers, financial institutions, and tax professionals may exchange or store this data through filing portals, application interfaces, email, and document-management systems.
Its security relevance is concentrated in confidentiality, integrity, and identity assurance. Stolen credentials or altered taxpayer records can support fraudulent filings, redirected refunds, or unauthorized access to sensitive financial information; phishing and compromise of a preparer or employer can expose many records at once. Appropriate controls include strong authentication, least-privilege access, encryption, secure data exchange, tamper-evident audit logs, and retention limits consistent with privacy and legal obligations. Security teams should also monitor filing and account changes, verify unusual requests through trusted channels, and maintain procedures for investigating suspected fraud or unauthorized disclosure.
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. [...]
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.
Security researchers at eSentire shared the findings in an advisory published on Monday