HomeCyber BalkansTax Phishing Campaigns are Stealing Credentials

Tax Phishing Campaigns are Stealing Credentials

Published on

spot_img

Microsoft has recently issued a warning about an increase in phishing campaigns that are exploiting tax-related themes to distribute malware and steal sensitive information. These campaigns are utilizing various tactics such as URL shorteners, QR codes, and malicious attachments to bypass detection by security systems. By leveraging phishing-as-a-service (PhaaS) platforms like RaccoonO365, attackers are distributing remote access trojans like Remcos RAT, as well as other post-exploitation malware such as Latrodectus, AHKBot, and GuLoader.

One specific phishing campaign that was identified in February 2025 targeted hundreds of individuals in the United States. The attackers sent out tax-themed phishing emails, many of which contained PDF attachments with links redirecting recipients to fake Docusign pages. These fake pages were designed to deceive victims into downloading malware like BRc4 or Latrodectus through JavaScript files and MSI installers. In a clever twist, the victim’s system or IP address determined whether they were redirected to a harmless PDF or exposed to harmful malware. Subsequently, Microsoft detected a second wave of phishing emails aimed at more than 2,300 U.S. organizations, with a particular emphasis on sectors such as IT, engineering, and consulting.

In a different approach to phishing, some of these fraudulent emails included QR codes that linked to fake Microsoft 365 login screens. By tricking users into entering their credentials on these pages, the attackers were able to steal valuable login information. Additionally, some campaigns utilized AHKBot and GuLoader to introduce additional malware into the victim’s system. AHKBot infections typically started with malicious Microsoft Excel files containing macros that, when activated, would download an AutoHotKey script. This script would then capture screenshots and send them to remote servers. On the other hand, GuLoader would deliver a .bat file that installed the Remcos remote access trojan.

These phishing campaigns are part of a wider trend in cybercrime that has seen an increase in phishing and social engineering attacks targeting both Europe and the United States. Researchers have also observed a rise in campaigns utilizing QR codes to camouflage malicious URLs, often redirecting victims through open redirects on legitimate websites. To combat these threats effectively, cybersecurity experts recommend implementing phishing-resistant authentication methods and utilizing security tools that can block malicious domains and websites.

Overall, the surge in phishing campaigns exploiting tax-related themes and using sophisticated tactics like URL shorteners, QR codes, and malicious attachments underscores the growing need for enhanced cybersecurity measures. Organizations and individuals must remain vigilant and proactive in protecting their sensitive information from falling into the hands of cybercriminals. Vigilance, awareness, and robust cybersecurity defenses are crucial in the ongoing fight against phishing attacks and other cyber threats.

Source link

Latest articles

Senior Executives Undermining Your Shadow AI Strategy

In the realm of artificial intelligence, the imperative for executive alignment, robust governance, and...

Cyber Briefing – July 16, 2026: CyberMaterial

Cybersecurity Briefing: Urgent Updates and Vulnerabilities In a rapidly evolving digital landscape, organizations are grappling...

Marlinspike Capital Transforms the Cybersecurity Investment Playbook

Navigating the Intersection of National Security, AI, and Cybersecurity: Insights from Marlinspike Co-Founders Marlinspike, a...

More like this

Senior Executives Undermining Your Shadow AI Strategy

In the realm of artificial intelligence, the imperative for executive alignment, robust governance, and...

Cyber Briefing – July 16, 2026: CyberMaterial

Cybersecurity Briefing: Urgent Updates and Vulnerabilities In a rapidly evolving digital landscape, organizations are grappling...