- Criminals use the tax deadline of April 15 to deceive the victims
- Phishing attacks used to deliver malware and infostators
- This leaves victims at risk of fraud and theft of identity, as well as monetary loss
With the deadline of April 15 for tax declarations in the United States, a new Microsoft report warned that phishing campaigns use it to encourage people to put their personal information.
The company says that social engineering attacks have been observed using redirection methods such as QR codes, URL shortcutors and other malicious attachments to provide malware like Latrodectus, Bruteratel C4 (BRC4) and Ahkbot as well as distance access horses (Rats).
The day of the tax specifically represents a serious risk, the many who are looking for assistance in depositing taxes, and criminals can convince victims to seize their financial information – which leaves people at risk of identity or fraud, in particular criminals who withdraw credit cards on behalf of the victim.
Tax threats
The thematic phishing emails have been sent thousands of times, notes Microsoft, using messaging subjects as “Important action required: audit IRS” and “Opinion: IRS reported problems with your income declaration”.
These are designed to create a feeling of urgency, which is panic victim to play without correctly considering the risks.
Some campaigns have even started with “a neat e-mail to create a false character relationships” to attract recipients, followed by a second e-mail containing a malicious PDF-a technique that increases smooth prices on useful malicious charges thanks to the confidence established between the attacker and the victim.
Popular malware delivered in these campaigns is a guy, a “very elusive malware downloader” which operates encrypted Shellcode, process injection and cloud -based accommodation services in order to provide useful loads such as infosteralists and rats.
Criminals often take advantage of events or services, with Microsoft warning of a new phishing campaign that has usurped the identity of Booking.com, deployment of powerful malware to steal identification information.
The most effective defense against phishing attacks is education – knowing what to seek and staying calm in order to avoid being convinced to click on malicious ties or to enter identification information.
We have listed everything you need to know about phishing to help you protect yourself.
