Security News > 2022 > April > Cybercriminals deliver IRS tax scams and phishing campaigns by mimicking government vendors

Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 - there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.

The IT services vendor actors impersonated is widely used by major federal agencies, including the DHS, and other such WEB-sites of States and Cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

The attackers leveraged e-mail header fields including X-accountcode, X-Destination-ID and X-ReportingKey.

The phishing e-mail also had a Return-Path field defined as another e-mail controlled by the attackers which collects information about unsuccessfully delivered e-mails.

We encourage Internet customers to be especially careful when receiving such e-mails and to validate them first without opening attachments, as it may compromise your digital identity and/or email, and lead to a data theft.

For independent security researchers and cybersecurity community we share a sample of the phishing e-mail caught by our cyber threat intelligence system for further review to increase detection of similar campaigns in future.

News URL

https://www.helpnetsecurity.com/2022/04/28/irs-tax-scams-phishing-mimicking-government-vendors/