HQ/EMEAFind out how we can help your business
Threat actors and scammers have started to deploy their plethora of tax-related scams as the tax season begins. The Internal Revenue Service (IRS) has emphasized the surging trend of these scams, reminding everyone about the billions of dollars they lost to such attacks last year.
Researchers warn everyone regarding the threat group, TACTICAL#OCTOPUS, since this group uses tax-related email lures to disseminate malware. The group utilises valid employee I-9 forms, W-2 tax documents, and real estate purchase contracts to deceive targets into downloading malware onto their systems.
The cyberattack commonly begins with emails that include password-protected archives with tax-related subjects, such as JRCLIENTCOPY3122[.]zip or TitleContractDocs[.]zip. In addition, the zip file is a single image archive that further causes the malware execution in follow-up stages.
The malware, once installed, will allow its operators to access victims’ systems, gather clipboard data, and record keystrokes.
Cybercriminal groups have been waiting for the tax season to arrive annually to spread their tax-related scams.
Cybersecurity experts explained that since it is time-sensitive, the threat actors want to spread their tax-related scams and frauds during tax season. Most targets start settling their tax returns, increasing the chances of falling victim to scams.
Additionally, the threat actors will harvest valuable information from these campaigns since their targets could quickly provide their personal and financial data. The scammers could use the data for other malicious purposes, such as tax fraud and identity theft.
Last week, the Emotet group also used tax-related baits to target taxpayers. The operation allowed the threat actors to impersonate an inspector from the IRS and disseminate compromised emails with the subject line “IRS Tax Forms W-9.”
The Internal Revenue Service has published a guideline to warn taxpayers about these emerging threats in the upcoming tax filing season. Cybersecurity experts also reminded users to remain wary of unsolicited emails and text scams related to tax refunds.
Users should know the common scams that target taxpayers during filing season.
