
US Citizens Targeted with Ransomware via Fake IRS Tax Return Emails

April 17th, 2015, by Waqas. Filed under: Cyber Crime, Scams and Fraud

Tax return-themed emails are making users in America the target of ransomware, with attackers sending genuine-looking Internal Revenue Service (IRS) tax refund messages.

Now that the tax filing season in the United States has come to an end, cybercriminals have launched a phishing lure and are busy distributing fake emails that appear to be from the IRS about pending refunds.

Cybercriminals are relying on highly advanced social engineering skills to produce a believable message that also contains legitimate links. This way, the attackers enhance the message's credibility. In this particular phishing lure, the cybercriminals have created an email that seems to be a genuine communication from the Internal Revenue Service (IRS).

[Screenshot: the scam email sent to users]

Here is an excerpt from the fake email that is being sent to users in the US:

“Additional information regarding tax refunds can be found on our website: http://www.irs.gov/Refunds [legitimate URL]. Please note that IRS will never ask you to disclose personal or payment information in an email.”

Both the advice and the legitimate link are designed to increase the user's confidence in the email's validity.


Cyber criminals using compromised server in China:

This malicious campaign is designed to get ransomware installed on the victim’s computer through an infected email involving a compromised web server in China.

Kaspersky's Dmitry Bestuzhev states that the attackers conducted a similar operation earlier in April. That campaign used a malicious script stored on an anonymous paste site called Pastebin.

In this particular case, the cybercriminals have encoded a malicious script and chosen a Chinese machine to host it. The machine contains the instructions for the final payload download.


Tricking users into enabling macros in MS Office:

To initiate the attack, a genuine-looking email is sent to the victim informing them about an important tax refund. A Word document is attached, which is apparently a copy of the sanctioned tax return form. This Word file contains a macro that instantly connects to the remotely stored script. The script holds the instructions along with the link to the malware to be downloaded.

Microsoft Office disables macros by default, but the attackers have inserted gibberish text in the Word document to prompt the victim to enable macros in order to read the text.


Kaspersky has identified this ransomware as Trojan-Ransom.Win32.Foreign.mfbg. This campaign doesn't encrypt the data on a computer but blocks internet access and asks for a ransom paid via prepaid cards like MoneyPak.

The victim is required to send the card's code to an SMS number to pay the ransom and have the computer's function restored.
