Scammers capitalizing on tax season to spread Zeus

Share this article:

Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.

The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and sends it back to attackers.

With the tax deadline nearing, these types of scams are likely to ramp up, US-CERT warned on Thursday. Other phishing and malware campaigns taking advantage of tax season could include offers to help recipients file for a refund or details about fake e-file websites.

The IRS last week warned users about phishing, as part of its annual “dirty dozen” list of tax scams. Scammers will try and obtain users' personal information by impersonating the IRS in emails, tweets and phony websites, the agency warned. For example, scammers will likely tell consumers they are entitled to a tax refund, but they must reveal personal information to claim it.

“Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said in a statement. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”

Taxpayers who receive a message claiming to come from the IRS should not open any attachments or click on any links, the IRS warned.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.