TrickBot Trojan seeks out weak human links in business to profit from the tax season

silversurfer

The info-stealing malware is banking on your taxman fears in a new wave of attacks.

It is that dreaded time of year again: as the tax season in the United States looms, hackers worldwide are rubbing their hands in glee at the opportunity.

There's little more terrifying than the prospect of receiving an unexpected demand for money from the Internal Revenue Service (IRS) or equivalent organizations, and as both consumers and businesses are working to make sure they hit their April 15 tax filing deadlines, cybercriminals are capitalizing on the process through phishing schemes.

Cybercriminals worldwide use similar tactics in phishing schemes designed to steal your financial information. They often masquerade as well-known organizations, including banks, the IRS, and student loans companies, and attempt to create fear in their targets.

People in a panic are less likely to think rationally about bogus payment demands, and may be more likely to fall for a phishing email -- especially when coupled with a legitimate-looking website designed to accept 'payments' and steal account credentials at the same time.

According to IBM X-Force, tax-related scams are in full swing, and many this year are focused on the business segment and deployment of the TrickBot Trojan.

On Monday, X-Force researchers Martin Steigemann and Ashkan Vila said that three spam campaigns, in particular, are of interest this year. The phishing schemes are designed to dupe victims into accepting malicious Microsoft Excel documents containing embedded, obfuscated macros by pretending to be accounting, tax, and payroll services companies.

The spoofed companies include payroll management firm Paychex and HR services company ADP. Both corporate and personal email addresses are being targeted -- but business email compromise (BEC) scams are far more lucrative, given that firms usually have more funds to hand than a typical consumer.

"Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it can further spread and pivot," the researchers noted. "Finding only one unaware person in an organization is usually enough for attackers to get their foot in the door."
 
