Microsoft warns for tax-themed malware and phising

Posted 20 March 2017 18:12 CEST by Jan Willem Aldershoff

Microsoft warns for tax -themed malware attacks and phishing scams. Especially users in the United States and the United Kingdom are currently targeted. Cybercriminals target them because it’s Tax-day on the 18th of April in the United States and because British users are waiting for information on their tax returns after their tax filing season ended at the end of January.

The mails targeted at British users appears to come from HM Revenue and Customs, the tax collection body in the UK. They try to bait users by subjects stating users are eligible for a refund. The mails all try to trick the user into clicking a link that points to a phishing site where the criminals ask for sensitive information.

Cybercriminals also use scare tactics. Users in the United States report they’ve received mails accusing them of overdue tax others receive emails with a subject like  ‘Subpoena of the IRS’. Users are then asked to download a report, if they click the link they are again asked for sensitive information.  In other occasions the cybercriminals refer to an attachment that when opened installs malware on the computer.

Sometimes the attachment is a Word document with malcious macros. The first page of the document asks the user to enable a ‘media dynamic content’ plugin or to ‘enable editing of the protected document’. In reality it tricks the user into enabling macros. Once macros are enabled malware is downloaded to the computer.

“Tax-themed malware and phishing attacks highlight an important truth: most cybercrime is after your hard-earned money.  But these attacks rely on social engineering tactics — you can detect them if you know what to look for,” Microsoft writes.

The company goes on with the advice, “be aware, be savvy, and be cautious in opening suspicious emails. Even if the emails came from someone you know, be wary about opening the attachment or click on links. Some malicious emails may be spoofing the sender.”

Most browser vendors also try to protect users against phishing sites with Safebrowsing (Google, Firefox) or Smart Screen (Edge). settings

Several settings at can be changed, they are stored in cookies, which means they will be reset if you clear cookies


Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here


Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page