Watch out for these tax-themed phishing and malware scams

With the US tax deadline approaching, it's prime time for cybercriminals to attempt to steal your money or data.
Written by Danny Palmer, Senior Writer


Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks.

It isn't as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.

When people are concerned about finances they either owe or are owed, it's an opportunity for hackers to fraudulently pose as the tax collector in an effort to carry out phishing attacks, or distribute malware and ransomware.

The IRS recently issued a warning on phishing scams targeting US taxpayers, many of whom are set to do their taxes over the next month. Now cybersecurity researchers at the Microsoft Malware Protection Center have identified some of the last-minute email scams taxpayers should look out for ahead of the April 18 tax deadline.

One scaremongering tactic sees cybercriminals posing as 'tax specialists' at the US Internal Revenue Service, claiming the victim owes tax and warning if they don't respond within a day they'll be fined. A 'report' about the situation is behind a link within the email, which of course isn't any sort of real demand for tax, but a phishing page designed to steal data.

In this scenario, cybercriminals are playing on the 'one day' time limit in the hope that worried victims will hand over their data.


Phishing scam email claiming to be from the IRS.

Image: Microsoft

Another phishing scam takes playing on fear a step further: it claims to be an order to attend court from the IRS.

The message contains a Microsoft Word document which instructs the victim to enable editing in order to see the content, thus enabling the malicious macros in the document to get to work and download the Zdowbot Trojan malware onto the machine. With this malware installed, cybercriminals can monitor the victims' every action and freely download and install other malware.


Phishing lure threatening the victim with court.

Image: Microsoft

It isn't just taxpayers who criminals are targeting; the high demand for accountants during the tax season makes them lucrative targets too -- especially as the potential for new business means they're more likely to open emails from unknown contacts. Hackers know this and are using this to their advantage.

Writing to accountants with subjects such as 'Tax assistance needed', cybercriminals are fraudulently claiming to be individuals who need help with doing their taxes, which are said to be viewable in an attached document.

Naturally, this document is malicious, claiming the target needs to enable content in order to see the contents of the message. Following this instruction enables macros, which install the Omaneat info-stealing malware, capable of logging keystrokes, monitoring applications, and tracking web browsing history -- giving criminals access to information the accountant processes. Not only does this put the accountant at risk, but client data could also be compromised and stolen.


Cybercriminal targeting an accountant with a false request for help.

Image: Microsoft
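
Both macro lures described above depend on the attached document carrying a VBA project. As an added example (not from the article or from Microsoft), this Python triage check lists the attachments of a message that contain one; the sample message, addresses, file names and function names are constructed for illustration, and the legacy-format check is a byte-pattern heuristic rather than a full parser.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container
VBA_DIR = "_VBA_PROJECT".encode("utf-16-le")     # stream name inside OLE files

def has_vba_project(data: bytes) -> bool:
    """Decide from file content (not the extension) whether macros are present."""
    if data.startswith(b"PK"):                   # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):               # heuristic: look for the VBA stream name
        return VBA_DIR in data
    return False

def macro_attachments(raw: bytes) -> list:
    """Return the file names of attachments that carry a VBA project."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        if has_vba_project(part.get_payload(decode=True) or b""):
            flagged.append(part.get_filename())
    return flagged

def _office_zip(names) -> bytes:
    """Constructed stand-in for an Office file: a ZIP with the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message modelled on the 'Tax assistance needed' lure."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "client@example.test", "accountant@example.test"
    msg["Subject"] = "Tax assistance needed"
    msg.set_content("My tax documents are attached.")
    for name, parts in (("taxes.doc", ["word/document.xml", "word/vbaProject.bin"]),
                        ("notes.docx", ["word/document.xml"])):
        msg.add_attachment(_office_zip(parts), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample()))
```

A flagged attachment is a reason to quarantine or inspect the file before anyone opens it, not proof that the macro is malicious.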

These are just a handful of examples of cybercriminal schemes, but ultimately, any phishing or malware scheme is after the same thing: money or data. While phishing emails are becoming increasingly sophisticated via the use of advanced social engineering tactics, you can detect them if you know what to look for.

"Be aware, be savvy, and be cautious in opening suspicious emails. Even if the emails came from someone you know, be wary about opening the attachment or click on links. Some malicious emails may be spoofing the sender," say Microsoft cybersecurity researchers.

And remember: the tax collector will never ask for your bank account details or other personal data to be sent over email. If an email asks for that, it's a scam.

