Windows 10 News and info | Forum
September 22, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: IRS Warns Taxpayers of New Scam Campaign Distributing Malware  (Read 45 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30475


I Do Windows


WWW Email
« on: August 24, 2019, 02:30:07 AM »
ReplyReply

The Internal Revenue Service (IRS) issued today a warning to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads.

This warning was issued after the IRS received several reports from taxpayers during this week regarding unsolicited messages with "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder" subjects, coming from scammers impersonating the U.S. revenue service with the help of spoofed email addresses.

"The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account," says IRS' warning.

"The emails contain a 'temporary password' or 'one-time password' to 'access' the files to submit the refund. But when taxpayers try to access these, it turns out to be a malicious file."

Malware distributed to targets

More to the point, after entering the password issued in the spam message, the targets would unintentionally download malware that could allow the malicious actors to either harvest sensitive info or take control of their victims' compromised systems.

Quote
This new scam uses dozens of compromised websites and web addresses that pose as IRS.gov, making it a challenge to shut down. By infecting computers with malware, these imposters may gain control of the taxpayer's computer or secretly download software that tracks every keystroke, eventually giving them passwords to sensitive accounts, such as financial accounts. - IRS


"The IRS does not send emails about your tax refund or sensitive financial information," stated IRS Commissioner Chuck Rettig. "This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on guard at all times."

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also urges users and administrators to review the CISA Tip on how to avoid phishing and social engineering attacks.

This warning comes after the IRS issued a joint news release with the US tax industry and state tax agencies in late July to remind professional tax preparers that they are required by federal law to have a data security plan in place.

Earlier tax and IRS themed attacks

Today's alert can help both tax pros and taxpayers to combat attacks designed to steal sensitive info, such as attack campaigns that are targeting the tax season using realistic phishing emails containing malicious attachments.

In 2018, tax pros were targeted by a malspam campaign also distributing emails pretending to come from the IRS which allowed threat actors to infect their targets' computers with a Rapid Ransomware variant.

Back in 2017, the IRS issued another warning regarding a phishing attack posing as official IRS communications and attempting to lure targets into clicking a link or downloading a malicious file which would infect them with ransomware.

Attackers also use phone scams, as observed in 2016, to pose as the IRS and to ask potential victims to extinguish outstanding debts of thousands of dollars via gift card payments.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page September 10, 2019, 08:58:41 PM