As usual, the approaching tax season (April 15th is Tax Day in the US) also comes with tax-related online threats. With unemployment rates reaching record highs this year, cybercriminals have yet another opportunity to polish their social engineering techniques.
Last year, spammed messages supposedly from the Internal Revenue Service (IRS) delivered malware into systems. The email messages were sternly worded, intended to alarm recipients about what the messages claimed were incomplete tax forms, which could lead to tax avoidance fraud. High-profile institutions, including Fortune 500 companies and US Defense contractors, were prominent targets of this attack.
This year, cybercriminals offer their recipients ways to save money by supposedly reducing their expenses on tax preparation transactions. The recent email samples no longer purport to come from the IRS, though. They do, however, offer tax relief services to people seeking tax help. And instead of being led to download malware, unwitting users are tricked into giving out personal and sensitive information to phishers.
Links in the email message in Figure 1 redirect users to a site (Figure 2) that prompts them to fill out a form. The personal information that users key into this form is logged and then stolen by phishers. The threat does not end there. Other windows load after users complete the form:
Figures 3 and 4 are supposedly credit-related sites but, like the tax relief page, they also steal sensitive and confidential user information. The spammers/phishers behind this threat have thus fashioned the attack to be both timely and seemingly relevant by exploiting the tax season as well as recession-related concerns.
The IRS recently set up an information page in response to this threat. Users are advised to refrain from clicking links in unwanted and unsolicited email messages. The Trend Micro Smart Protection Network already blocks the spammed messages, keeping the inboxes of Trend Micro users clean.