New Case Study: Threat Hunter finds renamed system utilities by file hash to uncover multiple attacks   

Read Case Study

Search

TrickBot Malware Increases for Tax Time

April 8, 2019

TrickBot, which is a financial-based trojan, is on the rise as Tax Day approaches. This new style of attack is targeting businesses and consumers alike in the form of malicious emails that appear to be legitimate accounting, tax, payroll services, the IRS and student loan companies. These emails are embedded with a specially crafted Excel document that, once opened, combs through the user’s vulnerable system for passwords, banking information, and tax documents. The stolen tax documents are being used to file fraudulent tax forms to hopefully garner a tax return that the attacker directs to their own destination. The IRS stated that in 2016, more than $1.6 billion in fraudulent returns were collected.  ADP and Paychex, both payroll and human resources providers, are being imitated by attackers in these phishing attempts.

Analyst Notes

If an email is received from a suspicious source, it should be immediately reported so that it can be blocked from the system and left unopened. The companies that are being imitated should be contacted to report the scam emails.