Beware: Fake IRS tax email wants your Microsoft account

Last week, the IRS reminded taxpayers that Tax Day, April 18, is Tuesday this week. However, in some states like Alabama, California, and New York, the federal office extended the filing deadlines due to natural disasters. This is an excellent reason for scammers to keep launching tax scam campaigns even when tax is due tomorrow for most Americans.

Just a few weeks ago, we wrote about a fake IRS tax email carrying a malware payload: Emotet. Now, our Senior Director of Threat Intelligence, Jerome Segura, has found an email with the title “IRS Notice of intent to seize (Levy) Your Property or rights to property”, which was purportedly sent by “Tax IRS 152”.

The email, with an HTML file attachment, contains a short message:

Please note: [redacted]

<=> For information please continue to check here or use our free mobile=app. Updates status are made no more than once a day.

Opening the attached HTML file reveals a Microsoft email phishing page. According to Segura, stolen data is sent to a Telegram channel via a bot. So, avoid giving away your credentials, especially if your Microsoft email is tied to a business, if you don’t want scammers hijacking your account and using it for more nefarious purposes.

Avoiding tax scams

Here are some ways you can outsmart tax fraudsters and keep one step ahead of the phishing, malware, and social engineering attacks that come around every year during tax season.

  • File early. One of the quickest ways to stumble into a trap is to leave filing your tax return until the last minute. That added pressure can mean responding to fake emails you otherwise would have ignored.
  • Be careful around suspicious refunds. Tax agencies have a proper process for issuing refunds, as found on their websites. Some, like HMRC, are very clear that refunds are never issued by email. If in doubt, phone the tax office directly and ask if what you have is the real deal or a fake.
  • Beware of fake bank portals. Some tax scams will ask you who you bank with, and then open up a phishing page for that bank. Always navigate directly to your banking website, click throughs and redirects typically spell danger.
  • Avoid the pressure pitch. Tax scammers like to hurry you along to data theft and malware installs. Claims of only having 24 or 48 hours to file for a refund should be treated with skepticism. As with most solutions for these forms of social engineering, contact the tax entity directly.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

https://blog.malwarebytes.com/feed/