On Monday, Jan 29th, officially opened its 2018 season. Some taxpayers already filed their taxes and know it too. So, right after two days of the official season opening, we got phishing messages with a fake refund status Websites:

- irs refunds phish 01 - Cybercriminals target early IRS 2018 refunds now

The link in the email leads to a hacked Brazilian restaurant, redirecting to Website with Australian domain zone.

- irs refunds phish 02 - Cybercriminals target early IRS 2018 refunds now

So, the whole scheme is to steal credit card information of the taxpayers expecting a tax refund from IRS. Both URLs are blocked by Kaspersky Anti-Phishing now.

The mentioned Website was hacked and includes an old Webshell uploaded back to 2016.

- irs refunds phish 03 - Cybercriminals target early IRS 2018 refunds now

Should we expect more campaigns like this? Definitely yes. Stay watchful and don’t lose your !



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here