Microsoft Warns of Tax-Themed Email Phishing Attacks: Malicious PDFs and QR Codes on the Rise

Microsoft has issued a warning about a surge in tax-themed email attacks using PDFs and QR codes to deliver malware. As Tax Day approaches in the United States on April 15, cybercriminals are increasingly targeting individuals and businesses by leveraging tax-related themes to trick users into revealing sensitive information or infecting systems with malicious software. These attacks, which have risen by over 30% in recent months according to Microsoft, exploit the urgency and stress associated with tax filing to increase their success rate. Understanding tax-themed email attacks is crucial to recognizing the rising threat of cybercriminals using PDFs and QR codes for malware delivery.
These attacks involve phishing campaigns that use PDF attachments containing URLs or QR codes. The URLs often lead to fake login pages designed to steal credentials, while the QR codes can redirect to malicious websites. The use of QR codes in phishing, also known as ‘quishing’, has gained traction, as they can easily bypass traditional security measures.
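A mail-triage check for the PDF lures described above, as an added example that is not from Microsoft or the original article: it pulls every `/URI` link target out of an attachment, including links inside Flate-compressed streams, and flags hosts outside an expected set. The domain allowlist, the brand word list and the sample PDF bytes are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: domains this organisation expects sign-in or e-signature links to use.
EXPECTED_DOMAINS = {"docusign.com", "docusign.net", "microsoft.com", "microsoftonline.com", "irs.gov"}
# Brand words from the lures described above (hypothetical watch list).
BRAND_WORDS = ("docusign", "microsoft", "office365", "irs")

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


def pdf_link_targets(pdf_bytes):
    """Return each /URI link target, including ones inside Flate-compressed streams."""
    bodies = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            bodies.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # not Flate data (image, font, encrypted stream): skip it
    urls = []
    for body in bodies:
        for raw in URI_RE.findall(body):
            url = re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
            if url not in urls:
                urls.append(url)
    return urls


def triage(pdf_bytes):
    """Flag links whose host is outside EXPECTED_DOMAINS; note brand imitation."""
    findings = []
    for url in pdf_link_targets(pdf_bytes):
        host = urlsplit(url).hostname or ""
        if any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS):
            continue
        lookalike = any(word in host for word in BRAND_WORDS)
        findings.append((url, "brand-lookalike" if lookalike else "unexpected-domain"))
    return findings


# Constructed sample: one plain link and one hidden in a compressed stream.
_hidden = zlib.compress(b"<< /S /URI /URI (https://docusign.example-login.test/sign) >>")
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj << /S /URI /URI (https://www.irs.gov/payments) >> endobj\n"
              b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + _hidden + b"\nendstream endobj\n%%EOF\n")

if __name__ == "__main__":
    for url, reason in triage(SAMPLE_PDF):
        print(reason, url)
```

QR codes embedded as page images carry their URL in pixel data, so they need an image decoder in front of the same host check; this standard-library example covers link annotations only.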
One of the prominent phishing campaigns identified by Microsoft uses a phishing-as-a-service platform called RaccoonO365. This platform facilitates the delivery of remote access trojans (RATs) like Remcos RAT, as well as other malicious tools such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4.
Real-World Examples
One campaign targeted U.S. organizations by sending emails with PDF attachments that redirected users to counterfeit DocuSign pages. Another campaign involved PDF attachments featuring QR codes leading to fake Microsoft 365 login pages to harvest credentials. Microsoft also reported that some phishing emails posed as notifications from the IRS or tax preparation services, further increasing their credibility. For more detailed insights, you can visit the Microsoft Security Blog.
New Tactics and Techniques
Threat actors are increasingly embedding QR codes in phishing emails, directing victims to credential-harvesting websites. Microsoft noted that the use of QR codes in these attacks is on the rise, with attackers continuously updating their techniques to bypass security measures. Some campaigns are also using compromised legitimate websites to host the malicious payloads, making detection more challenging.
The Rise of Quishing Attacks
Quishing, or phishing via QR codes, has seen a significant rise in recent times. According to TrendMicro, phishing attacks increased by 58% by 2023, with financial damages estimated to reach up to USD 3.5 billion in 2024. Additionally, from October 2023 to March 2024, image detection technology in Microsoft Defender for Office 365 prevented QR code phishing attacks, leading to a 94% drop in phishing emails using this technique. Banks and regulators have expressed concern about the rise of such scams, as they often evade traditional security protocols and trick users into disclosing sensitive information.
How to Stay Protected
To mitigate the risks associated with tax-themed email attacks, Microsoft recommends implementing a multi-layered security strategy. Here are some crucial steps to stay protected:
- Be cautious with unsolicited emails: Avoid clicking on links or scanning QR codes from unknown or unexpected sources, especially those claiming to relate to taxes.
- Verify communications: Always cross-check tax-related messages with official sources, like the IRS website or verified tax preparation services.
- Enable multi-factor authentication (MFA): Adding an extra layer of security can prevent unauthorized access, even if credentials are compromised.
- Monitor for suspicious activity: Use security monitoring tools to detect unusual login attempts or access from unfamiliar IP addresses.
- Regularly update software: Ensure that antivirus programs, email security tools, and system software are kept up to date to defend against evolving threats.
- Educate and train staff: Conduct awareness programs about phishing attacks, specifically highlighting the risks associated with QR codes and PDF attachments.
By taking these precautions, businesses can significantly reduce their exposure to tax-themed email attacks and enhance their overall cybersecurity posture.
To Sum Up
Staying vigilant against tax-themed email attacks is crucial for businesses and individuals alike. These attacks are not just a seasonal problem; they are part of a larger trend where threat actors increasingly leverage real-world events and deadlines to exploit human vulnerability. As cybercriminals continue to innovate, adopting proactive cybersecurity measures becomes essential to safeguarding digital assets. This includes not only educating employees and users about potential threats but also continuously updating security protocols to stay ahead of evolving tactics. By fostering a culture of cybersecurity awareness, businesses can significantly reduce their risk of falling victim to these sophisticated phishing campaigns.
References
Threat actors leverage tax season to deploy tax-themed phishing campaigns | Microsoft Security Blog
Escalating Cyber Threats Demand Stronger Global Defense and Cooperation – Microsoft On the Issues