Here Come the Tax Spammers!

23 Feb 2012

minute read

Authors

Tim Armstrong

It’s that time of year again, time to fill out your taxes and pay your part. We’ve seen more than a few examples of Tax and IRS related spam.
Yesterday I received mail with an interesting approach:

Well, I thought, that’s strange because I don’t own a business, and I haven’t filed my taxes yet. It is somewhat notable how well the email is written. Proper grammar and spelling is attempted, but to a native English speaker it’s not quite right.
When checking out the link, I was first brought to an intermediate page here:

After which nothing happened. The reason that nothing happened is that the javascript that is running in the background is trying to load a web page known for hosting the BlackHole exploit kit. However the page is now down, so the exploit didn’t work. Even if it had successfully reached the page, Kaspersky detected this URL and blocked access:

Please be extra cautious of clicking any links in your email this tax season. If you’re not sure whether an email is legitimate, go directly to the IRS website and start there. Make sure you’re using a quality internet security suite, and make sure to keep it updated. And pay your taxes!

Authors

Tim Armstrong

Here Come the Tax Spammers!

Latest Posts

Latest Webinars

Reports

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.

Here Come the Tax Spammers!

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

We Need More Than Jelly Bean

Is Google confused about Android security?

Will the PIN hacks be the end of Google Wallet?

Are Mobile Advertisers Getting Too Aggressive?

What to Do About Carrier IQ

Mass email campaign with a pinch of targeted spam

Text-based fraud: from 419 scams to vishing

HTML attachments in phishing e-mails

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

Happy New Fear! Gift-wrapped spam and phishing

Latest Posts

The state of stalkerware in 2022

The mobile malware threat landscape in 2022

Spam and phishing in 2022

IoC detection experiments with ChatGPT

Latest Webinars

ChatGPT – good or evil? AI impact on cybersecurity

Crimeware and financial predictions for 2023

Advanced persistent threat predictions for 2023

Reversing mobile threats in 2022

Reports

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

BlueNoroff introduces new methods bypassing MoTW

Ransomware and wiper signed with stolen certificates

DeathStalker targets legal entities with new Janicab variant

Subscribe to our weekly e-mails