
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

US taxpayers beware

Cybercriminals targeting US taxpayers have launched a second wave of phony “tax payment rejected” emails. The first major outbreak started around June 21st. As before, the emails warn recipients that their tax payments, submitted via the IRS’s electronic payment system, have been rejected. To understand why, recipients are provided with a link to a “self extracting” Adobe PDF file. This file is malware.

The attacks are working; recipients are opening the malware. How do we know?

  • The new attack is identical to that launched 2 weeks ago – this replication means that the “open rate” was good for the first round.
  • Numerous recipients have complained when the emails have been quarantined or placed in “junk mail” folders, believing that the emails are genuine and that they have been incorrectly labelled as spam.
  • A further 1000 new domains have been created to host the malware (in the previous attack the number exceeded 2500).

The warnings on the IRS site (and numerous existing blog posts and articles) describe fake emails from the IRS and label them as phishing attacks. These have taken place for a few years. The attacks of the last few weeks, however, are malware-related, not phishing attacks. The installed malware has a much broader threat potential than phishing aimed at a particular organization.

Email text:

Your federal Tax payment (ID: ---), recently initiated from your checking account
 was rejected by the The Electronic Federal Tax Payment System. 
Rejected Tax transfer
Tax Transaction ID:                 -----
Rejection Reason                     See details in the report below 
Tax Transaction Report tax_report_-----.pdf.exe (self-extracting archive, Adobe PDF) 
Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785
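
The report name in the email above, tax_report_-----.pdf.exe, is an executable whose name ends in a document extension followed by an executable one. The following is an added example, not part of the original post or any Cyren product: a mail-filter style check that flags such names in link paths and in plain message text. The extension lists, function names, and the sample body (including the example.test URLs) are constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# Extensions a lure pretends to be, and extensions Windows will run directly.
# ".com" is left out on purpose so ordinary host names are not flagged.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
EXEC_EXTS = {"exe", "scr", "pif", "bat", "cmd"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# A bare file name: a token ending in at least two dot-separated extensions.
NAME_RE = re.compile(r"[\w\-]+(?:\.[A-Za-z0-9]{1,5}){2,}")

def is_double_extension(filename):
    """True when a document extension is directly followed by an executable one."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS

def find_lure_names(body):
    """Return deceptive file names found in link paths or plain text, in order."""
    candidates = []
    for url in URL_RE.findall(body):
        # Decode %xx escapes and keep only the last path segment of each link.
        path = unquote(urlparse(url).path)
        candidates.append(path.rsplit("/", 1)[-1].rstrip(".,)"))
    # Look for bare file names in whatever text remains once links are removed.
    candidates.extend(NAME_RE.findall(URL_RE.sub(" ", body)))
    hits = []
    for name in candidates:
        if is_double_extension(name) and name not in hits:
            hits.append(name)
    return hits

# Constructed sample modelled on the email text quoted in this post.
SAMPLE_BODY = (
    "Your federal Tax payment (ID: ---), recently initiated from your checking account\n"
    "was rejected.\n"
    "Tax Transaction Report tax_report_-----.pdf.exe (self-extracting archive, Adobe PDF)\n"
    "http://downloads.example.test/irs/tax_report_00000.pdf.exe\n"
    "Form reference: http://www.example.test/forms/w9.pdf\n"
)

if __name__ == "__main__":
    for name in find_lure_names(SAMPLE_BODY):
        print("deceptive attachment/link name:", name)
```

A genuine PDF link such as w9.pdf is not flagged; only names where the final extension is executable and the one before it is a document type are reported.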
