Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors.
Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 ā there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.
Cybercriminals purposely choose specific times when all of us are busy with taxes, and preparing for holidays (e.g., Easter), thatās why you need to be especially careful during these times.
The IT services vendor actors impersonated is widely used by major federal agencies, including the DHS, and other such WEB-sites of States and Cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.
Notably, the e-mail doesnāt contain any URLs, and has been successfully delivered to the victimās inbox without getting flagged as potential spam. Based on the inspected headers, the e-mail has been sent through multiple āhopsā leveraging primarily network hosts and domains registered in the U.S.:
Itās worth noting, on the date of detection none of the involved hosts have previously been āblacklistedā nor have they had any signs of negative IP or abnormal domain reputation:
The HTML attachment with the fake IRS invoice contains JS-based obfuscated code.
Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists