Home  ›  Malware  ›  Malware Analysis  ›  News and Indicators - Latest topics

“Urgent reminder” tax scam wants to phish your Microsoft credentials

on Post a Comment

Tax season is in full force, and with the filing deadline fast approaching on April 15, scammers are happy to use that sense of urgency to coax us into handing them our cash.

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

In one example, one of our customers recently received an email with an attachment titled “Urgent reminder.” The attachment was a PDF file with a QR code in it.

important tax review

“Tax Services Department

Important Tax Review and Update Required by

2025-03-16!

Dear receiver,

As part of our ongoing efforts to ensure compliance with the latest tax regulations, we

are conducting a mandatory review and update of your tax records. This update must

be completed by 2025-03-16 to avoid any potential penalties or disruptions to your

account.

To proceed with the update, please scan the QR code below with your mobile device or

click the link provided to access the secure tax portal. Once logged in, follow the

prompts to review and confirm your tax information.

Thank you for your prompt attention to this matter.

Tax Services Team

This is an automated message. Please do not reply to this email.”

If the receiver were to scan the QR code, they would be sent to a phishing site. The destination is hidden through a clever use of doubleclick.net redirects.

Lucky for our customer, Malwarebytes had already blocked the real destination.

Malwarebytes blocks fmhjhctk.ruMalwarebytes blocks fmhjhctk.ru

When we disabled our protection to see where the QR code led, we first had to pass the bot protection:

Verifying encryption before network

And then we were asked for our Microsoft credentials with the email address already filled out.

enter password

Entering your password will send your credentials to a Russian receiver, who will decide what the most profitable way to use them is. Perhaps they’ll sell the details on the dark web, or use them for themselves to get access to your Microsoft accounts.

But that’s just one example of a tax scam.

The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. And, although these scams do appear year-round, tax season is when they reach their peak level.

One of the pitfalls the IRS warns about is bad tax advice provided on social media, as submitting false information to the IRS could land you in serious trouble. An example is the so-called “self-employment tax credit” which does exist in some countries, but the US is not one of them. Last year the misinformation was so rampant that the IRS issued a warning about it.

The other big type of scams are phishing emails, like we saw above. Even though scammers can use Artificial Intelligence to create convincing emails that appear to come from the IRS, there are often some tell-tale signs of social engineering attempts:

  • Too good to be true: Huge, unexpected tax returns are usually just an incentive to get you to surrender private information in the hopes of obtaining that sum.
  • Urgency is always implied, because the scammers do not want you to think things through.
  • The IRS rarely contacts people by email. And when it does, it is only to send general information and in an ongoing case with an assigned IRS employee. So receiving an email should be an immediate pause for thought.

Avoiding scams

These days it has become increasingly difficult to navigate your way online without being exposed to a scam. People have become accustomed to trusting their search engine and naturally follow the different paths laid in front of them.

While some websites look obviously fake to someone, they may fool someone else. At the same time, the tools to build convincing schemes are readily available to anyone for free.

  • Before calling a number, ensure that it is legitimate by visiting the official site directly.
  • Beware of unsolicited phone calls or emails, especially those that ask you to act immediately.
  • Beware of impersonators who may hide behind sponsored results and instead click on organic search results.
  • Always check the website you visit by looking at the address bar. If in doubt, close the page and open a new one.
  • If a website asks you for a small fee upfront it likely is trying to get your credit card information to sell you more expensive services.
  • Never send sensitive personal information such as your bank account, charge card, or Social Security number by email. Instead use a secure method such as your online account or another application on IRS.gov.
  • Use security software that blocks phishing domains and other scam sites. Malwarebytes Premium does this, leaving your computer and financial assets protected.

The IRS has a specific page dedicated to helping you identify if it’s really them reaching out to you or a scammer. Study that guide before making any rash decisions.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Article Link: "Urgent reminder" tax scam wants to phish your Microsoft credentials | Malwarebytes

1 post - 1 participant

Read full topic



Malware Analysis, News and Indicators - Latest topics
Malware Malware Analysis News and Indicators - Latest topics
Sp123
"The real threat is actually not when the computer begins to think like a human, but when humans begin to think like computers."

Post a Comment

Post a Comment