Office 365 Data Thefts May Rise During 2019 Tax Season

 In Office 365

While most people are just beginning to contemplate how much money they spent during the holidays, hackers are already hard at work planning how to extract even more money from your wallet. Tax season 2019 is kicking into high gear — and businesses are directly in the crosshairs of cyber criminals. Any guess what the number one method of cyber intrusion is? Email subterfuge.

One might think that the world’s most popular cloud email ecosystem, Microsoft Office 365, is safe and beyond reproach. The sad fact is, Office 365 data files are being stolen, blocked, held captive and destroyed every day. And this year email attacks are expected to rise over 2018’s record highs. Tax season is a time for businesses to be extra vigilant.

Tax Season Cyber Attack Deconstructed

You may be asking yourself, how does a typical cyber intrusion occur? Let’s take a look at one of the most common ways hackers infiltrate Office 365 — through an email phishing attack. This is how a phishing attack might play out in a small town near you.

Nancy is the office manager for a local dental office in Pagosa Springs, Colorado. She is as a highly skilled and respected member of a doctor’s staff who knows the in’s and out’s of Office 365 like the back of her hand. But on one fateful Friday morning when Nancy received what looked like an official email from the State of Colorado notifying her there was a problem with an overdue tax payment, her emotions got the best of her and she sprung into action without clearly thinking. Nancy was frantic. Had she neglected to file one of the medical company’s quarterly estimated income tax payments? If so, her employer would be upset. With 30 minutes to go until the end of the business day, she quickly clicked on the SCHEDULE A PAYMENT button in her email message to see what payment might have gone missing, and why.

Nancy didn’t bother to look closely at the ‘From’ field in her Microsoft Outlook email browser. If she had, she might have noticed that the email was not actually from the state of Colorado. The spelling of the sender’s wasn’t quite right. The ‘From’ field was marked: “” when it should have read, “” The bottom of the email included the correct State of Colorado Department of Revenue logo and 2019 copyright on it, so at a glance it looked official.

After clicking the SCHEDULE A PAYMENT button, nothing happened. She wasn’t sent to the state government’s payment gateway page. She waited, then clicked the button again. And again. Still nothing. Little did Nancy know that deep within the computer network of her doctor’s servers, an Office 365 data disaster was unfolding.

The ‘harmless’ SCHEDULE A PAYMENT click had downloaded a sophisticated version of the Locky ransomware app that immediately started encrypting all of the Office 365 email files for the Dentist Office with the .osiris extension. Even worse, a copy of the company’s data, including all patient data, was exported to a remote hacker.

Disaster! One misguided click brought down the entire Dentist Office and put 20 years of the dentist’s stellar reputation at risk. And this sad story is happening more and more often to businesses around the world.

“Most people are starting to realize that there are only two different types of companies in the world: those that have been breached and know it — and those that have been breached and don’t know it,” said Ted Schlein, Managing Partner at venture capital firm, Kleiner Perkins Caufield & Byers.

Amazingly, a single hacked email account can provide hackers with access to your entire business Office 365 network — your Exchange emails, attachments, calendars and tasks — even your SharePoint, OneDrive, Groups and Teams files as well. Can you imagine if you or your employees were suddenly unable to access their Office 365 files? Or if your Office 365 data — including customer information — were stolen and made available on the dark web? It would be a potential crisis — and could bring your entire organization to a grinding halt!

“A data breach can be devastating for a company,” said Christopher Graham, former Information Commissioner of the United Kingdom. “When customers start taking their business—and their money—elsewhere, that can be a real body blow.”

Office 365 and other popular cloud email ecosystems scubas G Suite Gmail, are particularly susceptible to email phishing attacks during the tax season because the bad guys know that businesses are sending and receiving large amounts of money related to taxes being owed or refunded. During the 2018 tax season, financial analysts saw a rise in phishing emails disguised as official tax-related notices designed to confuse businesses into downloading malware or inadvertently sharing their passwords.

Incidents like the phishing attack into the dental office during tax season highlight the importance of employee education combined with a comprehensive threat mitigation strategy.

Anti-virus software is not 100% foolproof. Endpoint security tools cannot guarantee data safety. Real-time threat monitoring is great — but it’s like playing whack a mole. Hackers can still access Office 365 even with the best prevention tools in place.

Loss of business critical data because of a hack or a disaster (whether natural or manmade) can result in lost revenue, frustrated customers, and a damaged reputation. Organizations need to be able to both secure data against hackers and restore data from a timely backup in the event of an Office 365-related data loss event, as well as human error such as accidental deletion.

No tax season threat mitigation strategy is complete without having a complete backup of your client’s Office 365 data handy in the cloud that is easily recoverable to any previous point in time that you may need it. All Office 365 backups should be comprehensive — covering as many Microsoft apps as possible such as Exchange, SharePoint, OneDrive, Teams and Groups. This way, your entire Office 365 ecosystem is safeguarded against unforeseen disaster.

Only offsite backup, ideally outside of where Office 365 is stored, can ensure 100% data can be recovered. No other Office 365 threat mitigation tactic can guarantee that your Office 365 data will be safe. Backup is like insurance for your data.

7 Ways to Identify An Office 365 Email Phishing Attack

Here’s a short list of seven simple rules to spot phishing emails:

  • Never trust an email’s display name — always verify the email address
  • Never click links in your Outlook email unless you use filtering tools such as VadeSecure
  • Check for spelling and grammar errors in the email message — crooks are poor spellers!
  • If threatening language or undue urgency is used in the email message — be on alert
  • Check the email signature — a corporate signature should have business contact details
  • Avoid clicking on email attachments — this could launch a rogue malware program
  • When in doubt, ask your IT department, system admin or MSP for help

Tax Season: Potential Payday for Hackers, Mayday for Businesses

For companies doing business in the United States, tax season is between January 1 and April 15 of each year. It’s a hectic time of year — and your staff may more focused on day-to-day tasks than defending themselves against rogue email hacker attacks. Remember, your system is only as strong as your weakest link. Make sure you educate your employees on how to spot Office 365 email phishing attempts and have your IT department or MSP keep your Office 365 backups current, safe and housed in a separate location.

With the right safeguards in place, tax season can be mayday for the bad guys — and if you receive a tax refund — a payday for you.

Recommended Posts