
Microsoft warns about tax-related scams this month.
Criminals are taking advantage of the proximity of Tax Day in the United States.
With the April 15 tax filing deadline approaching rapidly in the United States, a recent report has warned about an increase in phishing attacks that exploit the deadline to deceive individuals into sharing their personal information. The campaigns, identified by Microsoft, use social engineering techniques and redirection methods such as QR codes and URL shorteners, as well as malicious attachments, to distribute malware including Latrodectus, BruteRatel C4 (BRc4), AHKBot, and Remote Access Trojans (RATs).
This tax filing period poses a significant risk for those seeking assistance, as criminals are able to persuade victims to enter financial information, leaving them vulnerable to identity theft and fraud, including the opening of credit cards in the victim’s name.
Tax-themed phishing emails have been sent thousands of times, using eye-catching subjects like “Important Action Required: IRS Audit” and “Notification: The IRS has flagged issues with your tax return.” These subject lines are designed to create a sense of urgency, leading victims to act impulsively without adequately considering the associated risks.
Some campaigns start with a seemingly innocuous email from a fictitious character to establish trust, followed by a second message that includes a malicious PDF. This technique increases the likelihood that recipients will download the harmful content due to the trust previously established.
One of the most common malware types in these campaigns is GuLoader, which is characterized as a “highly evasive malware downloader” that uses encrypted shellcode, process injection, and cloud hosting services to deliver payloads such as information stealers and RATs.
Microsoft has also pointed out other phishing attempts posing as Booking.com, utilizing powerful malware to steal credentials. Education on the dangers of phishing is presented as the best defense, as being informed and staying calm can help prevent individuals from clicking on malicious links or entering their credentials.