Malware Hidden In Tax Emails
It is February and that time of the year again. Many have already filed their taxes, while many others are still waiting to collect those last few tax documents so that we can file our tax return for 2011. This time every year we begin to see a massive influx of tax related virus and phishing messages. This year is no different and we are seeing many such scams.
Today the most prevalent attack is one that invokes the INTUIT name in an attempt to gain the end users trust. For those of you who don’t recognize the INTUIT name, they are the maker of the ever-popular tax software TurboTax. The scam begins with an email that appears to come from INTUIT INC. The message body informs you that they have uncovered an issue with your account that requires your attention. Of course you are provided with a link to do so. While most people are savvy enough to know not to click on a link in an unsolicited email, there may be some who don’t really see this as ‘unsolicited’. If one had recently filed via TurboTax or had recently logged in to start the process for this year, then it may not seem strange that they are contacting them now. Of course this is what the scammers are looking for when they choose this social engineering tactic this time each year.
The link in the message leads to an invisible install of a Trojan horse via some malicious Java script. Once this is in place the attacker will fit them with whatever malware suits his fancy.
Here is a look at the malicious email:
These well timed malware campaigns will always be more effective when the scammers can add an air of authenticity. Most people know that the IRS will not send links in an email but it may seem reasonable that their tax software provider would, especially if they were using it recently. Steer clear of this and all the many other tax scams this year and keep that refund in your hands.