Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Tax Phishing Time - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Tax Phishing Time

Its that time of the year where you will start receiving fake tax information emails. So far today we have seen just a small campaign,  but I think people will more likely be susceptible to this kind of email this year as most people have heard about changes to the tax code, but not sure what has changed and how it affects them.  


The below attack had nothing significant about it as its a PDF that appears to be a link to a google document. The site then mimics google login and harvests credentials. I expect to see some very well crafted and targeted emails shortly that will trick users.



Subject:Federal Tax Refund Information


Attachment:Federal Tax Refund Information.pdf



Good afternoon, I have a very important information for you concerning the Federal Tax Refund which I know that it will help you. Kindly check the attached file to view the details.


Here is the PDF attachment.




The website that you were redirected to looked like this.






If your are already seeing more of these, let us know.


Tom Webb



50 Posts
ISC Handler
Yeah I recently got a phishing e-mail from someone looking to get my account information. They said they were with the federal government or whatever, but they were using a Gmail account.

I'd recommend to just avoid any and all accounts which are not associated with a .gov website. And even if it is a .gov website, check that website out to see if it's legitimate.

I got another one recently as well, saying it was going to give me a few thousand dollars in free money if I just signed up, directed me to <a href="">Emergency Cash Loan</a> and I was kind of surprised with how they advertised it. Why do these people insist on invading our lives?

Sign Up for Free or Log In to start participating in the conversation!