Tax-related phishing scams aren’t new. Whenever U.S. Tax Day rolls around in mid-April, it is preceded by months of crescendoing activity around tax-themed social engineering attacks. But cybercriminals are getting smarter with each passing Tax Day, and their ingenuity is endless. Microsoft this morning published an exposé of sorts, into the workings of cyberthreats such as phishing and malware attacks during tax season.
The attacks come in many ways and in many forms, like the ongoing attacks using fraudulent tax refund emails that exploited the fact that British taxpayers were anxiously awaiting information about their tax refunds after the tax filing season ended in January 2017.
The authenticity and appearance of the emails vary, but in every case there’s a link that the attacker wants you to click on, which then takes you to a phishing page on the web that asks for personal information.
Microsoft showed how Microsoft SmartScreen on Internet Explorer and Microsoft Edge blocks access to such sites with a big warning that you won’t be able to ignore or overlook:
Yikes, I know. But as any mother says, “It’s good for you.”
Then there’s the ‘receipt for tax filed’ attack where the bad actor sends you a message with an attachment to download. Click on that and it releases the payload, in some cases a banking Trojan that sends keystroke information back to the attacker, who uses that to figure out your usernames and passwords for online banking, social media, etc.
The methods are as tricky as they are varied, as outlined below:
- Someone pretends to ask a CPA for help, along with a document with malicious code that runs as soon as it’s downloaded – a macro code.
- Fear is the worst bait. The “Subpoena from IRS” attack is extremely effective because it preys on the fears of U.S. taxpayers. The attacker sends a malicious code that downloads and installs even more malware without your knowledge.
- Tax overdue notices are another fear-based ploy that uses links that people quickly click on without thinking because they’re concerned about their tax situation.
It’s not surprising that the Microsoft Malware Protection Center published this article almost four weeks ahead of Tax Day. It’s another opportunity to showcase Windows 10, Microsoft Edge and their superior security capabilities.
Features like Windows Defender Antivirus and SmartScreen (on Microsoft Edge), as well as business and enterprise security solutions, can help reduce the impact of such attacks during the tax season.
Microsoft is leaving no stone unturned in its push for greater Windows 10 adoption. As such, publishing this blog piece could be perceived as another in a series of actions they’ve undertaken over the past few months to get people to move out of Windows 7 and Windows 8.1 and into Windows 10.
Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.