Technology
Scammers use tax-themed emails to infect PCs with malware
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
Watch out for tax scams popping up in your email inbox. They can often be rigged to secretly install malware onto your computer.
As the April 15th filing deadline approaches, IBM says it’s recently detected a wave of tax-themed phishing messages targeting both businesses and personal email addresses. The emails have been crafted to deliver a Trojan called Trickbot, which can steal bank account information from your internet sessions.
According to IBM, the scammers have been delivering the Trickbot Trojan by pretending to send emails from well-known payroll and HR firms such as Paychex and ADP. Unlike shoddy spam email campaigns, the messages from the scammers will generally be free of spelling or grammar mistakes.
The same messages will also come from legitimate-looking email addresses such as “@adpnote.com” or “@paychex.mail.” But in reality, the domains are actually under the scammers’ control.
“The messages were quite simple, only claiming to contain an attachment of tax or billing records,” IBM said in a report, documenting the attacks. “To reinforce the illusion of legitimacy, the signatures of each of the emails mimic typical business signatures, including a name, job title and contact details, as well as mock email footers that the cybercriminals may have copied from legitimate business emails.”
Victims fooled by the official-looking emails will open the attachment not realizing it’s been rigged to deliver the Trickbot malware to their computer. The attachment will appear as a Microsoft Excel document, but it actually contains a secret macrocommand that’s designed to download and execute Trickbot’s malicious code over a PC.
Although Trickbot has been largely used to steal banking login credentials from victims, it can be used to cause all kinds of mayhem. “If your computer is infected with TrickBot, the cybercriminals operating it have complete control and can do just about anything they wish on your device, including spreading to other computers on your network and emptying your company’s bank accounts, potentially costing millions of dollars,” IBM said.
The infection will also occur in the PC’s background processes, so most users probably won’t even be aware that anything is wrong. But once activated, the Trojan can takeover your PC’s browser to direct you to look-alike banking webpages that the scammers have designed to steal your login information.
According to IBM, the scammers have been busying sending their tax-theme messages since late January. To stay safe, the company encourages users to disable macros by default on Office documents. If you do choose to enable macros on a document, make sure whomever sent it is a trusted source.
Microsoft has also noticed tax-themed phishing messages targeting users. Some of them will include an Office document in the attachment that even tries to trick you into enabling macros. For instance, the attachments will claim your software is out-of-date or needs to be updated for security purposes.
This article originally published at PCMag
here
-
Entertainment7 days ago
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment6 days ago
When will we have 2024 election results online?
-
Entertainment7 days ago
5 Dyson Supersonic dupes worth the hype in 2024
-
Entertainment5 days ago
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment6 days ago
Social media drives toxic fandom. Is there a solution?
-
Entertainment5 days ago
Is ‘The Substance’ streaming? How to watch at home
-
Entertainment5 days ago
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
-
Entertainment3 days ago
Menendez brothers case reignites online: The questions that keep resurfacing