Scammers capitalizing on tax season to spread Zeus

Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.

The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and sends it back to attackers.

With the tax deadline nearing, these types of scams are likely to ramp up, US-CERT warned on Thursday. Other phishing and malware campaigns taking advantage of tax season could include offers to help recipients file for a refund or details about fake e-file websites.

The IRS last week warned users about phishing, as part of its annual “dirty dozen” list of tax scams. Scammers will try and obtain users' personal information by impersonating the IRS in emails, tweets and phony websites, the agency warned. For example, scammers will likely tell consumers they are entitled to a tax refund, but they must reveal personal information to claim it.

“Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said in a statement. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”

Taxpayers who receive a message claiming to come from the IRS should not open any attachments or click on any links, the IRS warned.