Cybersecurity experts have warned that a group of hackers, known as TACTICAL#OCTOPUS, is using tax-related email lures to spread malware. The group uses employee W-2 tax documents, I-9 forms, and real estate purchase contracts to get people to download malware that gives them access to devices.
The attacks typically begin with emails that contain password-protected .zip files with tax-related names. Two of the IP addresses identified in the attack were registered to Petersburg Internet Network in Russia, while a third address was linked to US-based company Des Capital BV. However, the attackers’ true origins could be obscured by a false flag operation. The attacks are part of a trend of annual tax-related scams that start at the beginning of each year.
The Internal Revenue Service (IRS) identified $5.7bn in tax fraud schemes last year, more than twice the amount reported in 2021. The IRS has urged everyone to “remain vigilant against email and text scams aimed at tricking taxpayers about refunds or tax issues”.
In an effort to protect taxpayers, the IRS started a “Dirty Dozen” list of common scams that people may encounter, such as fake charities and promotions of false fuel tax credit. Many of these schemes peak during filing season as people prepare their returns or hire someone to help with their taxes.
Austin Berglas, a former FBI Cyber Division special agent, said it is important for tax preparation software users to secure their email accounts with strong passwords and multi-factor authentication.
Email is a top target for cyber criminals, who can obtain interesting and valuable information if accounts are not secured.
