Beware: malicious mailshots, phishing increase in Q2
Kaspersky experts detected multiple malicious mailshots with phishing links disguised as offers for tax refunds worldwide during the second quarter of 2019, the Internet security company said on Tuesday.
The period is traditionally used as a deadline for filing tax returns and refunds in many countries.
Criminals and hackers tried to steal valuable information, or in some cases, install dangerous spyware. This and other findings are revealed in the firm’s Spam and Phishing in Q2 2019 report, which also noted that these attacks are becoming more common in Thailand.
Email or mailshots with spam and malicious phishing attempts usually contain links that lead users to a seemingly legitimate Web page, but are created by fraudsters and aimed at stealing personal information.
In the second quarter this year, more than 9 per cent of users in Thailand were infected, compared to 7 per cent during the same period last year, the report said. These mailshots often exploit seasonal activities to strike victims harder than usual using fraudulent tricks, as there is less awareness around them compared to permanent threats. Scammers can use one of the most effective social engineering techniques, giving the victim a limited amount of time to act, justifying it with real-life circumstances, and therefore forcing the person to make spontaneous decisions.
The detected wave of tax refund fraud came under the guise of tax refund letters with short expiration dates. For instance, malefactors used fake major UK tax services to urge victims to follow the link and fill out the form immediately, while emails under the guise of the Canada Revenue Agency gave targeted victims just 24 hours to respond, stating that “otherwise a tax refund would not be possible”.
Some of the emails analysed by Kaspersky experts included malicious attachments, disguised as a copy of the return form, which in fact was either a malicious downloader, which would download more malicious programs onto users’ computers when launched, or backdoor multifunctional malware that provided criminals with remote access to the infected machine. Its capabilities include monitoring keystrokes, stealing passwords for browsers and Windows accounts and recording video from the computer’s webcam, the report added. To convince users to open and launch such malicious files, fraudsters usually make it look like a .zip file containing important information for tax form updates.
“Seasonal spam and phishing can be extremely effective, since the emergence of such email letters is sometimes expected, unlike most ‘unique offer’-type scams,” Kaspersky security researcher Maria Vergelis said.
“Moreover, with phishing attacks, the tricked victim might not even realise he/she was subjected to a cyberattack and had exposed their credentials, until it is too late and then they suffer the consequences. The good news is that there are security solutions that not only block malware from being launched and notify the user about threats, but also have spam and phishing filters that prevent such emails from appearing in one’s inbox,” she said.
