HomeSecurity ArchitectureMicrosoft cautions about new tax return phishing scams aiming at you

Microsoft cautions about new tax return phishing scams aiming at you

Published on

spot_img

The rise in tax phishing scams has prompted Microsoft to issue a warning to taxpayers about the increasing threat of cybercriminals targeting personal and financial data during the tax season. These scams are becoming more sophisticated, with cybercriminals impersonating trusted sources and using urgency tactics to trick individuals into providing sensitive information.

According to Microsoft Threat Intelligence, specific groups are more vulnerable to these scams, including new taxpayers, recent immigrants with green cards, small business owners who file their taxes independently, and older adults who may be less familiar with tax procedures. These groups are often targeted because of their potential lack of knowledge about tax-related matters, making them more susceptible to falling for phishing tactics.

The cybercriminals behind these scams are employing various strategies to deceive individuals, such as sending emails disguised as employers, tax agencies, or payment processors. These emails may contain blurry or incomplete tax documents to create a sense of urgency and compel recipients to click on malicious attachments. Once clicked, these attachments may contain malware designed to steal login credentials or redirect individuals to fake websites that capture their personal information.

One recent scam involved emails purportedly sent by employers containing tax documents. Clicking on the attached HTML file led recipients to a fake landing page where their login credentials were stolen. Microsoft Threat Intelligence has also identified phishing campaigns associated with Phishing-as-a-Service (PhaaS) platforms like Tycoon and NakedPages, which leverage tax-related themes for social engineering tactics.

The Tycoon PhaaS platform was involved in a campaign where deceptive emails posing as official tax forms led victims to a phishing page designed to harvest sensitive information. Similarly, the AiTM phishing kit NakedPages was used in another phishing effort where fraudulent emails disguised as tax adjustment documents redirected recipients to phishing pages, demonstrating the sophisticated nature of these attacks.

Both Tycoon and NakedPages are known for their automation capabilities in conducting phishing activities and their ability to bypass multi-factor authentication through adversary-in-the-middle techniques, further amplifying the threat posed by these campaigns. These attacks aim to steal sensitive data, including cryptocurrency wallet information and login credentials stored in various applications, putting individuals and organizations at risk of financial losses and compromised identities.

To protect themselves from tax-related phishing scams, Microsoft advises individuals to remain vigilant throughout the tax season. It is essential to avoid clicking on suspicious links or attachments in emails, even if they appear to come from a familiar source. If in doubt, individuals should contact the sender directly through a verified phone number or website to confirm the legitimacy of the email. By staying informed and cautious, individuals can reduce the risk of falling victim to tax phishing scams and safeguard their personal and financial information.

Source link

Latest articles

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...

Reducing Threats from the IABs Market

As ransomware attacks continue to escalate in frequency and severity, one of the key...

More like this

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...
en_USEnglish