Avanan’s research into tax spoofs of fintech apps was featured in DarkReading. Hackers use credential-harvesting sites to obtain the victim’s information by sending fraudulent tax notification emails. In the blog, Avanan describes how to protect against five common tax scams. As DarkReading writes:
To guard against these attacks, Avanan recommends that security pros:
Tell employees not to do their personal taxes on company assets and or use their corporate email addresses
Encourage employees to check URLs before clicking on tax-related emails.Ask employees to log in directly to the financial institution when receiving tax notification emails
Teach them to contact IT when they are unsure an email is legitimate.
Read more here