Tax Phishing Emails

Researchers at Talos, Cisco's security intelligence and research group, have recently spotted "tax-themed" phishing emails targeting CTOs of technology companies. The emails follow a "drip" format: the initial email claims that an attached Word document is the recipient's printable federal tax payment, while a second email claims that the payment has not yet been received and tells the recipient to download a "confirmation file" in order to proceed.


In both emails, the attached file appeared to be a Word document that, once opened, instructed users to enable MS Office macros in order to view its contents. Note that MS Office macros are disabled by default for security reasons. When the user enables macros, the document drops several malicious files onto the victim's computer. These files form a version of the Vawtrak banking Trojan, which collects users' login credentials for various banking and social networking sites.

Given the targets' technical expertise, the phishing campaign hasn't had much success with its target audience; however, it is important to always be on high alert when something seems off with regard to emails, senders, recipients and attachments, ESPECIALLY if an attachment requires launching a 3rd-party application.

Trend Micro researchers have also warned about similar phishing emails, disguised as coming from FedEx and American Airlines, that use the same structure and method as the "tax-themed" emails spotted by Cisco.