The closer we get to tax day in the United States, the more likely we are to see criminals take advantage of the activity around tax-related documents. We've covered these scams before, here and here, and we predicted tax-related trouble in this blog here. Just as expected, there's a new IRS related scam making the rounds. It works like this:
Emails with a malicious Word document arrive in the potential victim's inbox. There are several variants with subject lines such as,
- “You are eligible!”
- “Confirmation of your tax refund”
- “Subpoena from IRS”
- “I need a CPA”
- “Info on your debt and overdue payments”
If the recipient enables editing in the attached document, the malicious macro will attempt to infect the recipient machine with malware. So far researchers have seen this attack use Zdowbot trojan downloaders and Omaneat malware.
Some emails contain links to sites where victims can view personalized reports on their delinquent taxes. In reality, these are phishing sites designed to steal victim information.
The Microsoft Malware Protection Center has details and screenshots on these attacks.
The IRS also published an alert about similar attacks. That alert warns of scammers attempting to capture someone's tax refund or steal personal information through a phishing site. The IRS alert with the details is here.Never open an attachment or email that looks suspicious. Click To Tweet
As you can imagine, many people are in a hurry to get their taxes processed and in doing so, they often make mistakes they normally wouldn't. Even during these stressful times, best practices should be followed:
- Never give out sensitive information as a result of an email about taxes or other sensitive issues. Most agencies, including the IRS, will not use email to request sensitive information from members of the public.
- Use a web browser that helps you identify secure sites and an up-to-date AV protection on your computer.
- Carefully inspect emails, links, and attachments before acting on them. Even emails that appear to be from a friend can contain threats.
- In a network environment, protect users with Advanced Threat Protection and Email Security Services.
- Encrypt sensitive files, use strong passwords, and do not conduct business across public wifi networks.
Most importantly, never open an attachment or email that looks suspicious.
For information on Barracuda email security solutions, visit our corporate site here.
Fleming Shi is Chief Technology Officer at Barracuda, where he leads the company’s threat research and innovation engineering teams in building future technology platforms. He has more than 20 patents granted or pending in network and content security. Connect with him on LinkedIn.