Have you received what looks like a very legitimate email suggesting you need to upgrade your Microsoft 365 account?  Maybe the IRS sent you a notification regarding a “critical alert” via email?  If so, do not engage!  A new wave of phishing attacks is trying to get users to respond to fake emails that could easily infect your computer with a virus that can compromise your passwords.

According to Dark Reading, Barracuda Networks flagged a “critical alert” when it detected attack attempts to steal user passwords. This threat lures victims with Microsoft 365 Office files claiming to be tax forms or other official documents.  As such, attackers use urgent language to convince people to open the email attachment.  When users open and download the file, they are attacked with a password stealer.

The files are entitled “taxletter.doc” and phrases like “We are apprising you upon the arisen tax arrears in the number of 2300CA” are tricking users into clicking on malicious links, reports Dark Reading. The use of popular file types like Word and Excel, further ensures victims will fall for it.

“The IRS will never initiate contact with taxpayers via email about a bill or tax refund. Don’t click on one claiming to be from the IRS,” warns experts.

Tens of millions of people have been affected by these phishing emails, reports Dark Reading.  This year, password stealers are appearing in phishing emails, browser extensions, and other programs as criminals hunt for login data.

According to the AARP, the Federal Trade Commission reports that tax fraud ranked second in 2017 in types of identity theft reported, with more than 82,000 reports made last year. But a new poll from AARP, which surveyed 1,005 Americans by phone, reveals that people may have a false sense of security, as three-fifths (62 percent) report they’re either extremely confident or very confident in their ability to detect fraud.

If you become victim to this, remember to change out all your passwords such as banking, PayPal and other critical accounts.

Many users might feel ashamed if they are caught in such a swindle.  The truth is, some of these cybercriminals are so adept, that even security experts can fall victim.  The point is to be alert and suspicious of emails that don’t look right and never click on a link that is emailed to you from an unknown source.

If you feel you have fallen victim to a tax or IRS fraud or scam, click here to report criminal activity (or should you? How about typing www.irs.gov in your browser, go to bottom of page and select Tax Fraud and Abuse for more info).

DiamondIT has been a leader in technology solutions and their experts will prepare, predict, and prevent attacks on your networks. Call 877-716-8324 for more information.