This year, tax firms are facing intimidating malware threats. “If you have the word ‘tax’ in your domain name, you’re a target this year,” states one expert.

As a tax firm on the smaller side, you might get picked on just because you’re less likely to be able to effectively defend yourself.

Sites with unpatched and out-of-date WordPress or other content-management platforms are at increased risk of attack.

Cyber criminals exploit these vulnerabilities “to get access to the site, make changes to the site’s webpages in ways that can only be seen if you view the site’s raw HTML. This hides the compromise from visitors as well as site owners who don’t know HTML well enough to recognize the change or what it means.” After digging into the site’s code, cyber criminals add in their own. The new code additions can then deposit malware onto users’ devices when they visit the site.

Other popular modes of attack include remotely hijacking a computer’s TeamViewer, allowing cyber criminals to spy on users’ actions. The Trick banking Trojan has also been deployed against tax firms.

In select cases, cyber criminals went to the trouble of thieving or purchasing personal data to make spear phishing attempts more plausible. On at least one occasion, the cyber criminal styled him/herself as someone who the victim was familiar with, and even referenced a shared prior conversation. The phisher sent over a Word document that the tax preparer had previously requested. The document contained malware.

For more on this year’s wave of tax scams, visit Threatpost.