Scammers Target Universities in Ongoing IRS Phishing Attacks

The Internal Revenue Service (IRS) is warning of ongoing phishing attacks targeting educational institutions. The attackers impersonate the IRS and use tax refund payments as bait, focusing on university staff and students with .edu email addresses. The emails use “Tax Refund Payment” or “Recalculation of your tax refund payment” in the subject line to attract victims. A link in the email redirects victims to a phishing page that prompts them to fill out a form with sensitive information. The attackers then use this information to commit fraud.

Analyst Notes

The IRS has advised university staff and students who receive these emails not to click any of the links and to forward the emails as file attachments to [email protected]. Individuals are also encouraged to get an Identity Protection PIN to block identity thieves from filing fraudulent tax returns with stolen information.

All employees, at every level, should be trained and educated on current phishing scams and tactics. Identifying suspicious URLs or email addresses, or knowing when an attachment may be malicious, can prevent an attack brought on by a phishing email. Spelling and grammar errors are common in phishing scams, as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but came from a separate domain, it is likely a scam. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cyber criminals to overcome in order to conduct a successful attack.

Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early, before they can cause damage. The Binary Defense Counterintelligence team conducts deep-dive investigations for specific employees to ensure their information has not been compromised on the Dark Web, and can continuously monitor Dark Web markets and forums on behalf of our clients to alert them any time company or employee information appears, so that the company can take proactive defensive steps to prevent damage and financial loss.
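The subject lines and the mismatched-domain check described above can be turned into a mail triage rule. The following is an added example, not code from the IRS or Binary Defense: the function names are hypothetical, treating `irs.gov` as the only trusted sender and link domain is an assumption, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Subject lines reported for this campaign (from the article above).
LURE_SUBJECTS = ("tax refund payment", "recalculation of your tax refund payment")
TRUSTED = "irs.gov"  # assumption: genuine IRS senders and links sit under irs.gov

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the lure, or []."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    display, addr = parseaddr(msg.get("From", ""))
    lure = any(s in subject for s in LURE_SUBJECTS)
    claims_irs = bool(re.search(r"\birs\b|internal revenue", display, re.I))
    if not (lure or claims_irs):
        return []  # message does not pose as an IRS refund notice
    reasons = ["subject matches reported lure"] if lure else []
    sender_domain = addr.rpartition("@")[2].lower()
    if not trusted(sender_domain):
        reasons.append(f"IRS-themed mail sent from {sender_domain or 'unknown'}")
    # Collect the text parts and pull out every link host.
    text = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", text)}
    bad = sorted(h for h in hosts if h and not trusted(h))
    if bad:
        reasons.append("links leave irs.gov: " + ", ".join(bad))
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(a.lower().endswith(".edu") for _, a in rcpts):
        reasons.append("recipient has a .edu address")
    return reasons

# Constructed sample message (not real campaign mail).
SAMPLE_PHISH = """From: "IRS Refunds" <notice@tax-refund.example>
To: student@example.edu
Subject: Recalculation of your tax refund payment

Claim your refund: http://refund-form.example/irs/claim
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_PHISH)))
```

The suffix match in `trusted()` requires a leading dot, so a lookalike host such as `irs.gov.example` is not accepted as an IRS domain.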