The latest weekly threat report from the National Cyber Security Centre (NCSC - part of GCHQ), published on 18 August 2017, highlights scams targeted at tax professionals.
The scammer sends phishing emails with the subject "Software Support Update" which emphasise the requirement for an important software update. To receive the fake update, the email asks users to revalidate their login credentials by entering them into a website made to look like the software developer's portal. The credentials, once collected, are then used to access the tax professional’s account and steal client information.
The recent reports are from the US, but similar threats have targeted tax professionals in the UK, exploiting known deadlines and software update cycles. Accountants and professional service providers often hold personal information about their clients, so are a rich target for criminals seeking to access large amounts of sensitive data in a single attack.
Measures are already in place and there is further work underway, as part of the UK NCSC’s Active Cyber Defence programme, to prevent the spoofing of HMRC email addresses in similar UK tax-themed attacks. However, accountants and professional services firms should take steps to protect client data.
Further information is available from the National Cyber Security Centre, the HMRC pages on GOV.UK and the ICAEW Cyber security resource centre. Reports of attacks should be made to Action Fraud.
The phishing becomes ever more sophisticated. This month we received very clever ones which identically copied the exact "normal" wording of the software house concerned with all the right logos and sign-offs (usually to date those have been the "weakest link" in scam / phishing emails) and in the right cycle. The only thing wrong was the email address whence it originated. The software house said they were not aware of it; more worryingly they have not overtly been responsive to our reporting the events (there was more than one).
I wonder if part of the problem is fear, and transparency - a bit like admitting a fraud has taken place, the victim is worried that acknowledging such might lead to loss of confidence in them and their product / security. The banks of course were (still are??) terrible about 'fessing up to these cyber attacks and other cons.