TZUTC: -0500   
   MSGID: 890.consprcy@1:2320/105 2c567b83   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Look out for tax-themed scams this month, Microsoft warns   
      
   Date:   
   Sat, 05 Apr 2025 11:27:00 +0000   
      
   Description:   
   Social engineering attacks are taking advantage of US tax day.   
      
   FULL STORY   
      
   With the April 15 deadline for tax filings in the US fast approaching, a new   
   report from Microsoft has warned phishing campaigns are using it as a way to   
   trick people into handing over their personal information.    
      
   The company says social engineering attacks have been observed using   
   redirection methods like QR codes, URL shorteners, and other malicious   
   attachments to deliver malware like  Latrodectus, BruteRatel C4 (BRc4) and   
   AHKBot as well as remote access trojans (RATs).    
      
   Tax day specifically represents a serious risk the many who are looking for   
   help in filing taxes, and criminals can convince victims to enter their   
   financial information - which leaves people at risk of identity theft or   
   fraud, especially criminals taking out credit cards in the victims name.    
      
   Tax-centric threats    
      
   The themed phishing emails have been sent thousands of times, Microsoft    
   notes, using email subjects like Important Action Required: IRS Audit and   
   Notice: IRS Has Flagged Issues with Your Tax Filing.    
      
   These are designed to create a sense of urgency, which panics victims into   
   acting without properly considering the risks.    
      
   Some campaigns even started with a benign rapport-building email from a fake   
   persona to lure recipients in, followed by a second email containing a   
   malicious PDF - a technique which increases the slick rates on the malicious   
   payloads thanks to the established trust between the attacker and victim.    
      
   A popular malware delivered in these campaigns is GuLoader, a highly evasive   
   malware downloader which leverages encrypted shellcode, process injection,    
   and cloud-based hosting services in order to deliver payloads like   
   infostealers and RATs.    
      
   Criminals often take advantage of events or services, with Microsoft warning   
   about a new phishing campaign impersonating Booking.com , deploying powerful   
   malware to steal credentials.    
      
   The most effective defence against phishing attacks is education - knowing   
   what to look for and staying calm in order to avoid being convinced to click   
   malicious links or to enter credentials.    
      
   Weve listed everything you need to know about phishing to help keep you safe.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/look-out-for-tax-themed-scams-this-mont   
   h-microsoft-warns   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426