Tax Season Scams: Microsoft Warns of Phishing Attacks

As the April 15 U.S. Tax Day approaches, cybercriminals are intensifying their efforts to exploit the season’s urgency through sophisticated tax scam phishing campaigns. Microsoft has identified several such campaigns that employ tax-related themes to deceive individuals and organizations, aiming to steal credentials and deploy malware.

Tactics Employed by Cybercriminals

These phishing campaigns utilize various methods to evade detection and increase their effectiveness:

• Malicious Attachments and QR Codes: Attackers send emails with PDF attachments containing links or QR codes that redirect users to fraudulent websites. These sites often mimic legitimate services, such as DocuSign, to trick users into downloading malware or divulging sensitive information.
• Abuse of Legitimate Services: To lend credibility to their attacks and bypass security filters, threat actors exploit legitimate platforms like file-hosting services and business profile pages. By hosting malicious content on these trusted services, they increase the likelihood of user engagement.
• Phishing-as-a-Service (PhaaS): Some campaigns are facilitated by platforms like RaccoonO365, which provide ready-made phishing kits. These services enable less technically skilled attackers to launch effective phishing attacks that evade traditional cybersecurity software detection and prevention methods.

Notable Malware Deployed

The identified campaigns have been linked to the distribution of various malware strains, including:

• BruteRatel C4 (BRc4): A sophisticated red-teaming and adversarial attack simulation tool that, if in the wrong hands, can be used for malicious purposes.
• Latrodectus: A malware loader that facilitates the delivery of additional malicious payloads onto compromised systems.
• Remcos RAT: A remote access trojan that allows attackers to gain control over infected devices, enabling data theft and further exploitation.

Recommendations for Protection

To safeguard against these tax-themed phishing attacks, consider the following measures:

• Educate Employees: Conduct regular training sessions to inform staff about the latest phishing tactics and how to recognize them.
• Empower Employees to Outsmart Phishing: A positive reinforcement approach builds strong detection and response habits, while strengthening trust between IT and employees.  CyberHoot performs positive reinforcement phishing simulations that are hyper-realistic.
• Avoid Enabling Macros: Do not enable macros in Microsoft Office documents received via email unless absolutely certain of their legitimacy.
• Hover Over Links: Before clicking on any link, hover over it to preview the URL and ensure it directs to a legitimate website.
• Update Software Regularly: Keep all software, especially security tools, up to date to benefit from the latest protections against emerging threats

Educating staff that hackers often exploit societal pain points, like tax season, and use fear tactics such as late filing threats is so important! This awareness helps build a strong defense-in-depth cybersecurity program that reduces the risk of breaches from tax scams or other seasonally focused attacks.

Secure your business with CyberHoot Today!!!

Sign Up Now

Not ready to sign up yet, but want to learn more? Attend our monthly webinar to see a demo of CyberHoot, ask questions, and learn what’s new.  Click the Green Box below to Register.  You want to, I can feel it!

Webinar Registration

 Additional Reading:

• Hacker News: Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
• Microsoft: Threat actors leverage tax season to deploy tax-themed phishing campaigns