Jump to content

Beware: Fake IRS tax email wants your Microsoft account


David H. Lipman

Recommended Posts

Beware: Fake IRS tax email wants your Microsoft account

Posted: April 17, 2023 by Jovi Umawing

Quote

Last week, the IRS reminded taxpayers that Tax Day, April 18, is Tuesday this week. However, in some states like Alabama, California, and New York, the federal office extended the filing deadlines due to natural disasters. This is an excellent reason for scammers to keep launching tax scam campaigns even when tax is due tomorrow for most Americans.

Just a few weeks ago, we wrote about a fake IRS tax email carrying a malware payload: Emotet. Now, our Senior Director of Threat Intelligence, Jerome Segura, has found an email with the title "IRS Notice of intent to seize (Levy) Your Property or rights to property", which was purportedly sent by "Tax IRS 152".

The email, with an HTML file attachment, contains a short message:

Please note: [redacted]

<=> For information please continue to check here or use our free mobile=app. Updates status are made no more than once a day.

Opening the attached HTML file reveals a Microsoft email phishing page. According to Segura, stolen data is sent to a Telegram channel via a bot. So, avoid giving away your credentials, especially if your Microsoft email is tied to a business, if you don't want scammers hijacking your account and using it for more nefarious purposes.

easset_upload_file96572_262885_e.png

Avoiding tax scams

Here are some ways you can outsmart tax fraudsters and keep one step ahead of the phishing, malware, and social engineering attacks that come around every year during tax season.

  • File early. One of the quickest ways to stumble into a trap is to leave filing your tax return until the last minute. That added pressure can mean responding to fake emails you otherwise would have ignored.
  • Be careful around suspicious refunds. Tax agencies have a proper process for issuing refunds, as found on their websites. Some, like HMRC, are very clear that refunds are never issued by email. If in doubt, phone the tax office directly and ask if what you have is the real deal or a fake.
  • Beware of fake bank portals. Some tax scams will ask you who you bank with, and then open up a phishing page for that bank. Always navigate directly to your banking website, click throughs and redirects typically spell danger.
  • Avoid the pressure pitch. Tax scammers like to hurry you along to data theft and malware installs. Claims of only having 24 or 48 hours to file for a refund should be treated with skepticism. As with most solutions for these forms of social engineering, contact the tax entity directly.

 

  • Like 2
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.