ClickCease Phishing campaign targets tax professionals

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Phishing campaign targets tax professionals

April 25, 2023 - TuxCare PR Team

As the U.S. tax season comes to a close, Microsoft warns that a new phishing effort is targeting accounting companies and tax preparers, planting malware that allows hackers to get early access to business networks.

According to Microsoft, the effort has been active since February and aims to compromise accounting and tax preparation firms by disseminating the Remcos remote access trojan (RAT). To help tax professionals complete their returns, the campaign has sent phishing emails appearing to be from clients who are delivering documentation.

To escape detection by security software, the phishing emails included click-tracking service URLs. The receivers are directed to a file hosting site where they may download a ZIP archive masquerading as PDF files for various tax forms. These files, however, are Windows shortcuts that, when activated, launch PowerShell. PowerShell then downloads a strongly encrypted VBS file from a remote host, saves it to C:WindowsTasks, and executes it.

The Microsoft report stated that this campaign is unusual in that it only targets tax preparation firms and individuals. “The targets for this threat are exclusively organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax.”

To avoid falling victim to this type of phishing campaign, Microsoft recommends that users enable the display of file extensions in Windows so they can identify suspicious files. However, Windows shortcuts are a special file type that uses the .lnk file extension but does not show the file extension when displayed in File Explorer. This makes detecting that a file is a shortcut in disguise more difficult. Listing files in File Explorer in ‘Details’ mode will show that it is a Windows Shortcut, making it easier to spot.

The sources for this piece include an article in BleepingComputer.

Phishing campaign targets tax professionals
Article Name
Phishing campaign targets tax professionals
Microsoft warns that a new phishing effort is targeting accounting companies and tax preparers, planting malware.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter