BOGUS TAX RETURNS AS RESULT OF EMAIL PHISHING
Protecting Cloud-Based Programs from Phishing Scams
An employee at a small CPA firm in Houston received an email asking for their Office365 credentials. The email appeared to be from Microsoft, so the employee provided his credentials using the link in the email. Soon after, he noticed emails would appear and disappear randomly along with strange and unexpected activity on other online accounts. He uses a cloud-hosted tax program and realized a random user account was created on the portal that was filing bogus tax returns.
Pathway Forensics reviewed the employee’s Office365 portal and enabled audit logging to check for malicious activity. Pathway’s cyber experts checked to see if there were forwarding rules set up on the employee’s mailboxes and worked to enable multi-factor authentication (MFA) on the accounts in Office365 for an additional layer of protection in addition to the new account password. We also worked directly with the cloud-hosted tax software company to enable MFA on the employee’s account as well as the account activity notifications that would alert him of new user accounts and changes to existing ones.
The CPA firm employee was able to stop the bogus tax returns from being deemed legitimate and now has multiple layers of authentication and alerts to help prevent future security incidents.
- Incident response
- Multi-factor authentication setup and enablement