During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, filing reminders, and requests from tax professionals, to trick targets into opening malicious attachments, scanning QR codes, or following multi-step link chains. Every year, there is an observable uptick in tax-themed campaigns as Tax Day (April 15) approaches in the United States, and this year is no different.
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
Summary: Threat actors exploit the urgency of tax season with phishing and malware campaigns, targeting individuals and professionals. Microsoft Threat Intelligence identifies specific tactics like credential theft and malware delivery.
Key facts
- Threat actors use tax season to launch phishing and malware campaigns.
- Recent campaigns targeted individuals, accountants, financial services, education, IT, insurance, and healthcare industries.
- Campaigns involved Energy365 PhaaS kit and SneakyLog phishing kit.
- Phishing lures included QR codes, Excel attachments, and OneNote files.
Why it matters
Threat actors exploit tax season to target individuals and professionals with phishing attacks and malware campaigns, compromising sensitive data and financial information. This poses a significant risk to businesses and personal finances, highlighting the need for robust cybersecurity measures during peak activity periods.
Key metrics
- Number of observed tax-themed campaigns: Multiple
- Industries targeted: Financial services, education, IT, insurance, healthcare