Microsoft warns for tax-themed malware and phising

Microsoft warns for tax -themed malware attacks and phishing scams. Especially users in the United States and the United Kingdom are currently targeted. Cybercriminals target them because it’s Tax-day on the 18th of April in the United States and because British users are waiting for information on their tax returns after their tax filing season ended at the end of January.

Microsoft warns for tax-themed malware and phising

The mails targeted at British users appears to come from HM Revenue and Customs, the tax collection body in the UK. They try to bait users by subjects stating users are eligible for a refund. The mails all try to trick the user into clicking a link that points to a phishing site where the criminals ask for sensitive information.

Cybercriminals also use scare tactics. Users in the United States report they’ve received mails accusing them of overdue tax others receive emails with a subject like  ‘Subpoena of the IRS’. Users are then asked to download a report, if they click the link they are again asked for sensitive information.  In other occasions the cybercriminals refer to an attachment that when opened installs malware on the computer.

Sometimes the attachment is a Word document with malcious macros. The first page of the document asks the user to enable a ‘media dynamic content’ plugin or to ‘enable editing of the protected document’. In reality it tricks the user into enabling macros. Once macros are enabled malware is downloaded to the computer.

“Tax-themed malware and phishing attacks highlight an important truth: most cybercrime is after your hard-earned money.  But these attacks rely on social engineering tactics — you can detect them if you know what to look for,” Microsoft writes.

The company goes on with the advice, “be aware, be savvy, and be cautious in opening suspicious emails. Even if the emails came from someone you know, be wary about opening the attachment or click on links. Some malicious emails may be spoofing the sender.”

Most browser vendors also try to protect users against phishing sites with Safebrowsing (Google, Firefox) or Smart Screen (Edge).