Scammers capitalizing on tax season to spread Zeus

Share this article:

Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday.

The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and sends it back to attackers.

With the tax deadline nearing, these types of scams are likely to ramp up, US-CERT warned on Thursday. Other phishing and malware campaigns taking advantage of tax season could include offers to help recipients file for a refund or details about fake e-file websites.

The IRS last week warned users about phishing, as part of its annual “dirty dozen” list of tax scams. Scammers will try and obtain users' personal information by impersonating the IRS in emails, tweets and phony websites, the agency warned. For example, scammers will likely tell consumers they are entitled to a tax refund, but they must reveal personal information to claim it.

“Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said in a statement. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”

Taxpayers who receive a message claiming to come from the IRS should not open any attachments or click on any links, the IRS warned.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.