Tax Season Email Scam Aims to Steal from Uncle Sam

Every year around tax season, we see a huge spike in tax-related social engineering attacks. Social engineering is a type of cyber attack that attempts to psychologically manipulate users, tricking them into downloading malicious software or divulging confidential information. Very often, these attacks take the form of a fraudulent email created to mimic an email from a website like TurboTax.

Here’s a look at one of the fake messages, which uses the official TurboTax logo and a link to the actual TurboTax website to fool users. Notice that the email contains an attached file called TAX_962717752.zip:

[Image: TurboTax Trojan Email Scam]

The file attached in this email contains a Trojan horse (or “Trojan”) named Zeus, and it’s one of the most prolific types of malicious software circulated today. What differentiates a Trojan from a traditional virus is that, like the mythological Trojan horse, this type of software attempts to masquerade as something useful in order to trick users into opening the file. In this case, Zeus appears to be a useful piece of tax-related software, which its creators knew would be appealing during tax season.

Zeus was created to steal online banking credentials, and it works by recording the information you type into website forms. For example, when you visit your online banking website and are asked to type in your username and password, Zeus can record that information and send it to a cybercriminal. What is particularly stealthy about Zeus is that it not only steals data that you would normally fill in (like your username and password), but it actually adds fields to trick you into divulging more sensitive information. For example, you might be asked to share your Social Security number on a bank login page for “security reasons.” In this case, the banking website itself is not a fake, but the extra SSN field is and was created by the Zeus Trojan.

How to avoid Zeus

You can avoid infection from this threat by taking care not to click on links and attachments included in unsolicited emails. If you are unsure whether an email is legitimate, call the service or site directly to confirm before you download any attachments. This holds true not only for tax season scams, but also for any unsolicited email that asks you to divulge confidential information. This could include emails from your bank, PayPal, eBay, or a shipping service, and you should pay particular attention to emails that ask you to share or confirm payment information.

These fraudulent email attacks are also called “phishing” attacks.

In addition, McAfee All Access with McAfee Mobile Security currently detects all known variants of the Zeus Trojan, including variants that specifically target mobile devices like BlackBerry and Android smartphones or tablets. Thus, if you have up-to-date McAfee security software installed, your devices will be protected.

What to do if you’ve been hacked

If you do not have up-to-date security software installed and suspect that you’ve been hit with a scam email attack, there are a few ways to help protect your information until you can have the malicious software removed.

First, remember that Zeus was built to steal banking information, so you will need to change all online banking passwords right away. Do not log into your accounts on the infected computer, but instead do this over the phone or on a computer that you know is secure. You will also need to change passwords on all other accounts that have been accessed on the infected computer, including personal email and social media accounts.

Afterwards, notify your bank of the attack so that they can place a fraud alert on your account. This will allow them to freeze any transferred funds or reverse fraudulent transactions, and they may close compromised accounts to stop criminal activity.

Finally, check your balances and recent transactions carefully until you are sure the infected computer is clean. Once the threat has been removed, you should install security software right away to prevent another infection.
