Tax-season SharePoint phishing

Actors are weaponizing tax season with phishing sites hosted on legitimate SharePoint domains: analysts flagged a FlowerStorm domain (totaltaxinc-my.sharepoint.com) that passed VirusTotal engines undetected, showing how trusted cloud hosting is being abused to evade detection. (x.com)

As tax season ramps up, cybercriminals are exploiting the urgency and anxiety surrounding tax filings by launching sophisticated phishing campaigns. Security analysts have identified a surge in fraudulent websites mimicking legitimate tax services, with one notable example being a FlowerStorm domain (totaltaxinc-my.sharepoint.com). This site, hosted on Microsoft’s SharePoint platform, managed to bypass detection by VirusTotal’s scanning engines, highlighting the growing challenge of identifying malicious content on trusted cloud services. (x.com)

The use of SharePoint for phishing is not a random choice; attackers are increasingly leveraging reputable platforms like Microsoft’s cloud services to host malicious content because these domains are inherently trusted by users and security tools alike. By embedding phishing pages within SharePoint, cybercriminals can trick individuals into entering sensitive information such as Social Security numbers, bank details, or login credentials under the guise of tax-related correspondence. This tactic capitalizes on the platform’s legitimacy to evade traditional detection mechanisms like email filters or browser warnings. (x.com)

The scale of the problem is significant, with cybersecurity firms reporting a sharp increase in phishing attempts during tax season. According to recent data from the IRS, over 1.4 million phishing and malware incidents were reported in 2022 alone, often tied to identity theft and fraudulent tax filings. The abuse of cloud hosting services like SharePoint adds a layer of complexity, as these platforms are widely used by businesses and individuals for legitimate purposes, making it harder to distinguish between safe and malicious content without advanced scrutiny. (irs.gov)

Microsoft, which operates SharePoint, has acknowledged the misuse of its services for phishing and stated that it actively monitors and removes malicious content when identified. The company encourages users to report suspicious activity and has implemented automated systems to detect abuse, though the FlowerStorm case demonstrates that gaps remain. Cybersecurity experts urge users to verify URLs carefully, avoid clicking on unsolicited links, and enable two-factor authentication to protect against credential theft. (microsoft.com)

The IRS has also ramped up efforts to combat tax-related scams, issuing public warnings about phishing attempts and partnering with cybersecurity organizations to track and shut down fraudulent domains. Taxpayers are advised to only interact with the official IRS website (irs.gov) and to be wary of emails or websites claiming to offer refunds or urgent tax assistance. With tax deadlines approaching, officials expect phishing attempts to intensify, particularly through trusted platforms like SharePoint. (irs.gov)

Looking ahead, experts predict that cybercriminals will continue to exploit cloud hosting services as long as they provide a veneer of legitimacy. The cat-and-mouse game between attackers and defenders will likely drive further innovation in detection technologies, while user education remains a critical line of defense. In the meantime, both individuals and organizations are urged to stay vigilant, especially during high-stakes periods like tax season, when the pressure to act quickly can override caution. (x.com)
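
An added example, not part of the original brief: because every tenant shares the sharepoint.com domain, domain reputation cannot separate the flagged host from legitimate ones, so this code triages mail-log links by tenant instead. The trusted-tenant list, lure keywords, verdict labels and sample events are assumptions constructed for illustration; only the flagged hostname comes from the brief.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration: tenants your organisation owns or works with.
TRUSTED_TENANTS = {"contoso", "fabrikam"}
# Assumed tax-lure keywords, matched against the message subject.
LURE_WORDS = re.compile(r"\b(tax|irs|refund|w-?2|1099|1040)\b", re.I)
# <tenant>.sharepoint.com serves sites; <tenant>-my.sharepoint.com serves OneDrive.
HOST_RE = re.compile(r"^(?P<tenant>[a-z0-9-]+?)(?:-my)?\.sharepoint\.com$")


def sharepoint_tenant(url):
    """Return the tenant label of a SharePoint/OneDrive URL, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    match = HOST_RE.match(host)
    return match.group("tenant") if match else None


def triage(subject, url):
    """Classify one link from a mail log by tenant, not by domain reputation."""
    tenant = sharepoint_tenant(url)
    if tenant is None:
        return "not-sharepoint"  # includes look-alikes such as sharepoint.com.<other>
    if tenant in TRUSTED_TENANTS:
        return "trusted-tenant"
    # Every tenant shares sharepoint.com, so an unknown tenant is the signal.
    lure = bool(LURE_WORDS.search(subject)) or "tax" in tenant
    return "review:external-tenant+tax-lure" if lure else "review:external-tenant"


# Constructed sample events (subject, URL); paths are placeholders.
SAMPLE_EVENTS = [
    ("Your tax documents are ready", "https://totaltaxinc-my.sharepoint.com/personal/example"),
    ("Q3 plan", "https://contoso.sharepoint.com/sites/finance"),
    ("Shared file", "https://northwind-my.sharepoint.com/personal/example"),
    ("Refund notice", "https://contoso.sharepoint.com.login.example/doc"),
]

if __name__ == "__main__":
    for subject, url in SAMPLE_EVENTS:
        print(f"{triage(subject, url):34} {url}")
```

Links marked `review:` are candidates for detonation or user confirmation rather than automatic blocking, since external tenants are also how legitimate partners share files.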
