Recently, the IRS issued an urgent
But in this case, instead of looking for tax payments, the goal of this attack was to get the intended victim to click on an embedded malicious link which would then download
In Boston there was a
These types of email attacks, both targeted at consumers and businesses, are extremely common. In fact email security companies block millions of emails every month with malware attachments, millions of clicks on malicious URLs, as well as millions of emails that attempt to spoof the receiver by impersonating their boss or a C-level person in their organization and pushing them into doing something they shouldn’t, like
There is no silver-bullet solution to these types of attacks. To be clear, the IRS does not initially contact people with a threatening email or phone call.
The IRS contacts people with good old snail mail if there’s an issue. While it’s important at an employee level to be informed with all types of email-borne attacks, organizations need a multilayered defensive program that starts with preventive technical controls against the many flavors of phishing, way beyond just anti-virus/anti-spam, but also covering threat monitoring, user awareness training, and particularly strong and focused defenses against attacks that if successful would be highly damaging to the organization.