logo logo

The next-generation blog, news, and magazine theme for you to start sharing your stories today!

The Blogzine

Save on Premium Membership

Get the insights report trusted by experts around the globe. Become a Member Today!

View pricing plans

New York, USA (HQ)

750 Sing Sing Rd, Horseheads, NY, 14845

Call: 469-537-2410 (Toll-free)

hello@blogzine.com

Microsoft warns accounting and tax return firms of a new phishing attack ahead of US Tax Day

avatar
Louis Ferguson

An editor at Blogzine

  • 🕑 2 minutes read
  • 2 Views
Microsoft warns accounting and tax return firms of a new phishing attack ahead of US Tax Day

Benjamin Franklin once wrote, “The only two certainties in life are death and taxes”. With the annual US Tax Day approaching on Tuesday, April 18, we might include a third certainty to that list: internet scams. This week, Microsoft’s security division put out an alert on a new phishing scam that’s targeting accounting and tax return firms ahead of Tax Day.

Microsoft’s blog post says that the company noticed the new scams in February. They are being sent out by hackers who hope they can deliver the Remcos remote access trojan to a PC. Remcos is designed to enter Windows PCs and take over administrator privileges remotely. Microsoft says:

While social engineering lures like this one are common around Tax Day and other big topic current events, these campaigns are specific and targeted in a way that is uncommon. The targets for this threat are exclusively organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax.

Microsoft phishing email example

Naturally, these types of firms get very busy this time of year ahead of Tax Day with clients emailing them information about their taxes and financial information. Microsoft says that this phishing campaign has sent out emails that look like they come from a client of an accounting or tax firm. They contain a link to a real file-sharing service, with a real Amazon Web Services click-tracking link.

Unfortunately for the person who clicks on that link, they will then be taken to the file-sharing site, where the hacker has placed Windows shortcut (.LNK) files. Microsoft says:

These LNK files generate web requests to actor-controlled domains and/or IP addresses to download malicious files. These malicious files then perform actions on the target device and download the Remcos payload, providing the actor potential access to the target device and network.

The good news for Windows PC users who work in those financial firms is that Microsoft 365 Defender and Microsoft Defender Antivirus can detect these malicious files and prevent the remote takeover of their PCs. Obviously, those users should always be suspicious of any emails that have links to file-sharing sites, especially from clients that they don’t know.

How to convert FAT32 to NTFS without losing data in Windows 11/10?
Can’t change or create a new Power Plan in Windows 11

Related post

Step-by-Step Guide to Install and Configure DNS on Windows Server
Step-by-Step Guide to Install and Configure DNS on Windows Server
  • by TWCB
Disabling Overtype Mode in Notepad on Windows 11
Disabling Overtype Mode in Notepad on Windows 11
  • by TWCB
A Comprehensive Guide on Using Event Viewer in Windows 11
A Comprehensive Guide on Using Event Viewer in Windows 11
  • by TWCB
Troubleshooting Windows PC Boot Issues After Installing Graphics Drivers
Troubleshooting Windows PC Boot Issues After Installing Graphics Drivers
  • by TWCB
How to Fix Windows Domain Name Resolution Issues
How to Fix Windows Domain Name Resolution Issues
  • by TWCB
Accessing Onion Links Without Using the Tor Browser
Accessing Onion Links Without Using the Tor Browser
  • by TWCB

Leave a Reply

Your email address will not be published. Required fields are marked *
Next post
Bad habits that people in the industry need to quit
Image