Posted on February 9, 2016
Cybercriminals are taking advantage of the tax season to launch a variety of scams aimed at gathering your data.
Cyberattack experts recently discovered a new phishing campaign that sends a fraudulent email disguised as a legitimate refund message from the Internal Revenue Service (IRS). The email’s subject line says “Payment for tax refund #00 [then 6 random numbers]”, and the email carries a zip attachment that contains a file with a double extension: Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js. The .doc.js name makes a JavaScript file look like a Word document.
Clicking on the attachment and bypassing system warning messages will result in downloading two malware programs, Kovter and CoreBot.
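A mail-triage check for the subject line and the double-extension file described above, written as an added example (not code from the original post or from the IRS). The function names, the extension lists and the optional space after "#00" are assumptions, and the sample zip is constructed and harmless.

```python
import io
import re
import zipfile

# Subject format from the post; allowing a space after "#00" is an assumption.
SUBJECT_RE = re.compile(r"Payment for tax refund #00\s?\d{6}\b", re.IGNORECASE)
# Illustrative extension lists (assumptions, not an exhaustive policy).
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "jpg"}
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta"}

def is_double_extension_script(name):
    """True for names like x.doc.js: a document-looking extension before a script one."""
    # Drop any archive path and the trailing dots/spaces that Windows ignores.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    parts = base.rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in SCRIPT_EXTS

def suspicious_zip_members(zip_bytes):
    """List members with a decoy+script double extension, without extracting them."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if is_double_extension_script(n)]
    except zipfile.BadZipFile:
        return []

def triage(subject, attachments):
    """Return findings for one message; attachments is a list of (filename, bytes)."""
    findings = []
    if SUBJECT_RE.search(subject):
        findings.append("subject matches fake refund pattern")
    for filename, data in attachments:
        if filename.lower().endswith(".zip"):
            for member in suspicious_zip_members(data):
                findings.append(f"{filename} contains {member}")
        elif is_double_extension_script(filename):
            findings.append(f"attachment {filename} has a double extension")
    return findings

def build_sample_zip():
    """Constructed sample: a harmless zip whose member uses the name quoted in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Refund_00654767.doc.js", "// constructed placeholder, no code")
    return buf.getvalue()

if __name__ == "__main__":
    for line in triage("Payment for tax refund #00654767",
                       [("Tax_Refund_00654767.zip", build_sample_zip())]):
        print(line)
```

The check reads only the archive's member names, so nothing inside the zip is extracted or executed.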
The use of fake IRS emails is not new, but it increases during tax time. Many phishing emails claim to have refund or stimulus payment information and target corporate executives. Some contain malware attachments; others link to websites that contain malware.
In addition to malware, scammers threaten consumers by email or phone, demanding that they make “overdue tax payments”. The IRS NEVER requests payments via phone or email.