1. Forum
  2. FidoNet
  3. CONSPRCY

  • Look out for tax-themed s

    From Mike Powell@1:2320/105 to All on Saturday, April 05, 2025 09:42:00
    Look out for tax-themed scams this month, Microsoft warns

    Date:
    Sat, 05 Apr 2025 11:27:00 +0000

    Description:
    Social engineering attacks are taking advantage of US tax day.

    FULL STORY

    With the April 15 deadline for tax filings in the US fast approaching, a new report from Microsoft has warned phishing campaigns are using it as a way to trick people into handing over their personal information.

    The company says social engineering attacks have been observed using redirection methods like QR codes, URL shorteners, and other malicious attachments to deliver malware like Latrodectus, BruteRatel C4 (BRc4) and AHKBot as well as remote access trojans (RATs).

    Tax day specifically represents a serious risk the many who are looking for help in filing taxes, and criminals can convince victims to enter their financial information - which leaves people at risk of identity theft or
    fraud, especially criminals taking out credit cards in the victims name.

    Tax-centric threats

    The themed phishing emails have been sent thousands of times, Microsoft
    notes, using email subjects like Important Action Required: IRS Audit and Notice: IRS Has Flagged Issues with Your Tax Filing.

    These are designed to create a sense of urgency, which panics victims into acting without properly considering the risks.

    Some campaigns even started with a benign rapport-building email from a fake persona to lure recipients in, followed by a second email containing a malicious PDF - a technique which increases the slick rates on the malicious payloads thanks to the established trust between the attacker and victim.

    A popular malware delivered in these campaigns is GuLoader, a highly evasive malware downloader which leverages encrypted shellcode, process injection,
    and cloud-based hosting services in order to deliver payloads like
    infostealers and RATs.

    Criminals often take advantage of events or services, with Microsoft warning about a new phishing campaign impersonating Booking.com , deploying powerful malware to steal credentials.

    The most effective defence against phishing attacks is education - knowing
    what to look for and staying calm in order to avoid being convinced to click malicious links or to enter credentials.

    Weve listed everything you need to know about phishing to help keep you safe.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/look-out-for-tax-themed-scams-this-mont h-microsoft-warns

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)