Beware Targeted Data-Stealing Tax Scam
A fresh round of targeted e-mail attacks is underway, arriving in messages that personally address both the recipient and his or her employer. One pretends to be sent from the IRS requesting more information about company tax filings. Another set of targeted e-mails purport to be sent from Microsoft, urging recipients to download and install a new security update. Both try to trick the user into installing software that steals personal and financial data from the victim's PC.
The messages spoofing the IRS are very convincing (you can see a copy of one sent to one of the corporate finance officer for Sunbelt Software at this link here). The attached file, a screensaver file made to look like an Adobe PDF file named "tax_refund_file.scr", when clicked, silently downloads malware and pops up a seemingly random PDF document as a diversion.
The Microsoft attack arrives in an e-mail with the subject heading: "Critical Patch Released: Microsoft Security Bulletin MS08-64738". The wording of that subject line strikes me as a sly dig at Redmond, which issues its security updates sequentially and doesn't typically issue more than 100 such updates a year. This imaginary update, on the other hand, claims to be the 64,738th patch from Microsoft this year!
Matthew Richard, director of rapid response for iDefense, a VeriSign company, said both attacks appear to have been engineered by the same groups responsible for at least 25 distinct, similarly targeted malware campaigns launched since Feb. 2007, including one spoofing the the U.S. Justice Department. Richard said this latest IRS scam has already tricked more than 1,600 people into opening the malicious attachments.
April 4, 2008; 2:22 PM ET
Categories: Latest Warnings
Save & Share: Previous: Consumers Report $239 Million Lost To Cyber Fraud In '07
Next: Opera Updates and a Black Tuesday Preview
Posted by: Del | April 14, 2008 3:51 PM | Report abuse
Posted by: Peter | April 15, 2008 6:15 PM | Report abuse
Posted by: marvin barker | April 16, 2008 7:29 AM | Report abuse
Posted by: qbrcwayx iaytpfdx | April 17, 2008 2:31 PM | Report abuse
Posted by: pfvty lbph | April 17, 2008 2:31 PM | Report abuse
The comments to this entry are closed.