Tax themed phishing and malware attacks increase during the months leading up to the April 18th tax filing deadline.
What is Phishing?
Criminals send out a wave of spam email. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user's personal information.
What is Malware?
It is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access or damage a computer without the knowledge of the owner. Types of malware include spyware, adware, phishing, viruses, trojan horses, worms, rootkits, ransomware and browser hijackers.
Malware most commonly gets access to your device through the Internet and via email, though it can also get access through hacked websites, game demos, music files, toolbars, software.
[May We Suggest Reading: FBI Issues Public Service Announcement of Ransomware]
Here are Some Examples Microsoft has Seen.
Tax refund: “You are eligible!”
An enticing bait attackers use says that you’re eligible for a tax refund. Microsoft is seeing several phishing campaigns targeting taxpayers in the United Kingdom, where tax filing season ended in January. These attacks are targeting people who might be waiting for information about their tax refund.
These kinds of phishing emails pretend to come from HM Revenue and Customs, the tax collection body in the UK. These mails vary in how legitimate they appear, but in all cases the attackers want you to click a link in the mail. The link points to a phishing page that will ask for sensitive information.
Image from Microsoft Malware Protection Blog
Tax filed: “Payment has been debited from your account”
Another cybercriminal tactic is to pretend to deliver a receipt for taxes filed. A recent example is a malicious email with the subject “Rs. 73,250 TDS Payment Has Been Debited from your Account”. TDS refers to Tax Deducted at Source, which is the method of collecting tax in India.
The message body says, “Kindly download and view your receipt below attached to this email.” The attachment plays the part and bears the name Income Tax Receipt.zip.
How to stay safe from social engineering attacks.
Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as social engineering emails that carry malware or phishing links.
IT administrators can use Group Policy in Office 2016 to block known malicious macros, such as the documents used in these social engineering attacks, from running.
For more information, download and read this Microsoft e-book on preventing social engineering attacks.