Wave of tax-themed spam in US

By Isabelle Chaize

Researchers at Symantec have been noticing new types of spam attacks which capitalise on the approaching US tax deadline.

The tax-themed attacks trick users into downloading malware by various methods, one of which is an message sent from an email address which appears to be a genuine Internal Revenue Service (IRS) address. The email contains information about filing taxes, and informs the victim that there is a recently passed law which means that in order to file their taxes they must download special software, provided by the IRS at a website, a link to which is also included in the message.

Once the user goes to the website, which seems like an official IRS page although it is actually a page created by virus writers in order to install the malware, they download the software willingly believing it to be from the IRS, and the Trojan is installed on their machine.

Another attack imitates the TurboTax software, used for tax preparation. The user receives an email telling them that due to a new law, they have to update their software. In a similar fashion to the IRS scam, the user is directed to a fake TurboTax website, downloads the software provided, and unwittingly installs a Trojan.

The TurboTax attack can be detected by the distinctive turbotax.cn domain of the sender, and the fact that the download page address is also suspicious looking.

Kelly Conley, a researcher at Symantec, said that the difference between most spam attacks and these new tax-related ones is that the new type are more malicious, since they lead to the installation of a Trojan.

She warned ‘Be alert during tax season for those preying on you for sinister purposes such as stealing of personal information and spreading viruses. Above all, do not download anything on your computer unless you are sure that it is what it says it is and comes from someone you know and trust or a reputable company.’