TrickBot, which is a financial-based trojan, is on the rise as Tax Day approaches. This new style of attack is targeting businesses and consumers alike in the form of malicious emails that appear to be legitimate accounting, tax, payroll services, the IRS and student loan companies. These emails are embedded with a specially crafted Excel document that, once opened, combs through the user’s vulnerable system for passwords, banking information, and tax documents. The stolen tax documents are being used to file fraudulent tax forms to hopefully garner a tax return that the attacker directs to their own destination. The IRS stated that in 2016, more than $1.6 billion in fraudulent returns were collected. ADP and Paychex, both payroll and human resources providers, are being imitated by attackers in these phishing attempts.
Analyst Notes
If an email is received from a suspicious source, it should be immediately reported so that it can be blocked from the system and left unopened. The companies that are being imitated should be contacted to report the scam emails.