With the 2018 tax season in full swing, AppRiver wants to make sure taxpayers are aware of the many dangers we see surrounding this event each year.
In fact, curiosity and uncertainty surrounding recent tax law changes may leave many individuals more susceptible to falling victim to one of the many tax-themed attacks that are seen this time of year. These attacks come in many forms and aim to harvest users’ credentials, scam funds and infect individuals and corporate networks.
CPA firms target of tax season scams
One malware campaign AppRiver has been tracking targets CPA firms in order to infect them with the Adwind RAT. The emails are somewhat vague and come with an infected archive that contains the Java-based Trojan. Because it is Java-based, the Trojan is cross-platform: it is capable of infecting not only Windows OS but also Linux, Mac and Android.
Once the infection has taken place, it can harvest and exfiltrate many forms of data from the victim. We have also seen some payload variation with this attack, as some messages have been using malicious URLs embedded in PDF files.
Another attack takes aim at users of online tax service provider TaxSlayer. These messages also serve up malware, in this case through a malicious URL in the body of the message. The attacks pose as privacy and security updates, a very common technique used to dupe end users.
Messages like this one, which use official company graphics, spoofed senders, security-update themes and so on, are sent by the millions and could APPEAR to come from a company or agency that is very familiar. As the deadline to file taxes approaches, we anticipate a surge in these types of attacks.
Here are some tips from the National Cybersecurity Society to help you protect yourself this tax season.
Reputable companies and/or tax agencies such as TaxSlayer, TurboTax, etc. will never send attachments in unsolicited email.
If you get any notifications that require action on your end, reach out to the entity directly (not by email reply) for details.
Be skeptical of any unsolicited emails or phone calls requesting personal information from you.