Watch out for these tax-themed phishing and malware scams

Large phishing campaigns commonly piggyback on current events. In the USA, one such event is tax season, and unsurprisingly there is a great deal of phishing attempting to take advantage of it. ZDNet posted a high-level overview of several tax-related phishing scams; here is that post.

Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks.

It isn’t as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.

When people are concerned about finances they either owe or are owed, it’s an opportunity for hackers to fraudulently pose as the tax collector in an effort to carry out phishing attacks, or distribute malware and ransomware.

The IRS recently issued a warning on phishing scams targeting US taxpayers, many of whom are set to do their taxes over the next month. Now cybersecurity researchers at Microsoft Malware Protection Center have identified some of the last-minute email scams taxpayers should look out for ahead of the April 18 tax deadline.

One scaremongering tactic sees cybercriminals posing as ‘tax specialists’ at the US Internal Revenue Service, claiming the victim owes tax and warning if they don’t respond within a day they’ll be fined. A ‘report’ about the situation is behind a link within the email, which of course isn’t any sort of real demand for tax, but a phishing page designed to steal data.

In this scenario, cybercriminals are playing on the ‘one day’ time limit in the hope that worried victims will hand over their data.

Another phishing scam takes playing on fear a step further: it claims to be an order to attend court from the IRS.

The message contains a Microsoft Word document which instructs the victim to enable editing in order to see the content, thus enabling the malicious macros in the document to get to work and download the Zdowbot Trojan onto the machine. With this malware installed, cybercriminals can monitor the victim's every action and freely download and install other malware.

It isn’t just taxpayers who criminals are targeting; the high demand for accountants during the tax season makes them lucrative targets too — especially as the potential for new business means they’re more likely to open emails from unknown contacts. Hackers know this and are using this to their advantage.

Writing to accountants with subjects such as ‘Tax assistance needed’, cybercriminals are fraudulently claiming to be individuals who need help with doing their taxes, which are said to be viewable in an attached document.

Naturally, this document is malicious, claiming the target needs to enable content in order to see the contents of the message. Following this instruction enables macros, which install the Omaneat info-stealing malware, capable of logging keystrokes, monitoring applications, and tracking web browsing history — giving criminals access to information the accountant processes. Not only does this put the accountant at risk, but client data could also be compromised and stolen.

These are just a handful of examples of cybercriminal schemes, but ultimately, any phishing or malware scheme is after the same thing: money or data. While phishing emails are becoming increasingly sophisticated via the use of advanced social engineering tactics, you can detect them if you know what to look for.
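As an added example (not from the ZDNet article or Microsoft), the following Python sketch triages a raw email for the traits described above: a tax-themed lure, deadline pressure, and a Word attachment that can carry macros. The keyword patterns, function names and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Assumed lure patterns, based on the themes the article describes.
LURE = re.compile(r"\b(tax|irs|court)\b", re.I)
URGENCY = re.compile(r"\b(within (a|one|1) day|24 hours|fined|immediately)\b", re.I)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def macro_capable(data: bytes) -> bool:
    """True for OOXML files holding a VBA project, or legacy OLE files (which may hold macros)."""
    if data.startswith(OLE_MAGIC):
        return True
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = msg["Subject"] or ""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if LURE.search(subject) or LURE.search(text):
        findings.append("tax-themed lure")
    if URGENCY.search(text):
        findings.append("deadline pressure")
    for part in msg.iter_attachments():
        if macro_capable(part.get_payload(decode=True) or b""):
            findings.append(f"macro-capable attachment: {part.get_filename()}")
    return findings

def sample_message() -> bytes:
    """Constructed sample: a benign zip that only mimics a .docm layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"placeholder")
    m = EmailMessage()
    m["Subject"] = "Tax assistance needed"
    m["From"], m["To"] = "client@example.com", "accountant@example.com"
    m.set_content("Please review my documents. Reply within one day.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12", filename="taxes.docm")
    return m.as_bytes()
```

A hit on the attachment check alone is not proof of malice, since legitimate documents also use macros; it is a reason to open the file only in a sandbox or with macros disabled.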

“Be aware, be savvy, and be cautious in opening suspicious emails. Even if the emails came from someone you know, be wary about opening the attachment or clicking on links. Some malicious emails may be spoofing the sender,” say Microsoft cybersecurity researchers.

And remember: the tax collector will never ask for your bank account details or other personal data to be sent over email. If an email asks for that, it’s a scam.
