While tax season may have already passed, researchers at Abnormal Security have discovered another scam targeting Google G Suite users, and they believe it may have reached the inboxes of around 50,000 people. In this scam, users receive emailed .pdf documents containing a very believable W-8BEN form, which is used to maintain nonresident tax-exemption status. The email even appears to be from irs.gov; however, it is spoofed and is really coming from “huaweimobilewifi.com”, a Chinese-registered domain. Aside from the information typically asked for in the form, the scammers request additional information such as passport numbers and bank account details. Once the form is filled out, users are asked to fax it to a number that is known to be associated with other scam campaigns. Surprisingly enough, there is no payload included in the .pdf document, and it seems this is rather an attempt to get high-level executives to provide their personal information.