either revenue agency and encouraging individuals to open files corrupted with malware. These scam emails use tax transcripts as bait to entice users to open the attachments. The scam is particularly problematic for businesses or government agencies whose employees open the malware-infected attachments, putting the entire network at risk. This software is complex and may take several months to remove. This well-known malware, known as Emotet, generally poses as specific banks or financial institutions to trick individuals into opening infected documents. It has been described as one of the most costly and destructive malware to date. Emotet is known to constantly evolve, and in the past few weeks has masqueraded as the IRS, pretending to be “IRS Online.” The scam email includes an attachment labeled “Tax Account Transcript” or something similar, with the subject line often including “tax transcript.” Both DOR and IRS have several tips to help individuals and businesses not fall prey to email scams: Remember, DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript. Use security software to protect against malware and viruses, and be sure it’s up-to-date. Never open emails, attachments or click on links when you’re not sure of the source. If an individual is using a personal computer and receives an email claiming to be the IRS, it is recommended to delete or forward the email to phishing@irs.gov or to investigations@dor.in.gov. Businesses receiving these emails should also be sure to contact the company’s technology professionals.
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user. The victim thinks they are reacting to an important request when all they're doing is playing right into the hands of the attackers. A new wave of these attacks involves attackers sending status updates for invoices -- but these don't just involve threat actors firing off millions of messages at random and hoping for the best; they're specially crafting the attacks to look authentic and, crucially, from someone the target might trust. In one example of this attack, the target receives an email asking for a reply to a query about the payment status of an invoice. A legitimate-looking invoice number is provided in the subject line and the sender's name is chosen to be someone the recipient knows. Mimicking someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn or it could indicate that the attackers already have a foothold in the network which they're looking to exploit for further gains. The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion.
But if a recipient does click through, the link will download a Word document supposedly containing the invoice -- which then goes on to install malware onto the system. It could be subtle, like a trojan, or the victim could recognise their error immediately if faced with ransomware. The attackers aren't just using a single template in the campaign; researchers have spotted other lures used in an effort to distribute a malicious payload. A second invoice impersonation attack uses the subject 'My current address update' and claims to contain information from a trusted contact about a change of address, along with details of a new invoice. Once again, the victim is encouraged to click through a link to download the document from a malicious host, with the end result again being an infection with malware, credential theft or a compromised account. The attacks might seem simple, but those behind them wouldn't be deploying them if they didn't work. "Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message, when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks. When it comes to protection against this type of attack, employee training can go a long way, especially if they're provided with a sandbox environment.
A new phishing campaign is using a fake iTunes receipt for movie purchases to compromise Apple users' sensitive information. Fortinet researchers first spotted the phishing campaign over the weekend of 17 February. The attack begins when an Apple user receives a receipt that appears to have come from iTunes. In actuality, an email address based in Norway sent the message. The receipt lists purchases for a series of movies. These films (which include "Allied", "Arrival", and "Jack Reacher: Never Go Back") debuted in theaters recently, which makes the ruse relevant and consequently more believable. This email isn't the first time phishers (or smishers, for that matter) have targeted Apple users. Users in the United Kingdom, Australia, and the United States have witnessed similar attacks over the past few years. This particular campaign targets Canadian users and seems to have improved upon earlier iterations of the scam. Of course, most users who receive the receipt will wonder why they've been charged so much money for something they haven't purchased. Their attention will subsequently go to the link at the bottom of the email that claims they can obtain a full refund. But clicking on the link doesn't help them in the slightest. As explained by Fortinet's researchers: "At the bottom of the receipt, there’s a link to request a “full refund” in case of an unauthorized transaction. Apple has no need for a user's Social insurance number, which Canadians need to work for or to access government services, or their mother's maiden name. But the phishers want their targets to overlook that fact and enter their details. Indeed, doing so would help the attackers assume control of their victim's credit card and other financial information. This campaign, like so many others, demonstrates the importance of carefully reviewing suspicious emails.
Users should look at the sending email address to see if it's legitimate. If they come across an invoice or receipt for a credit card purchase, they should check their account history for such a transaction. If they don't find anything, that means scammers are just trying to scare them into handing over their payment card details. Additionally, users might consider setting up transaction notifications on their payment cards. That way, if they haven't received an alert of a transaction, they'll immediately know that an invoice such as the one above is a fake.
More than 1,500 companies in over 100 countries have suffered an infection at the hands of the Adwind Remote Access Tool (RAT). Discovered by researchers at Kaspersky Lab, this new attack campaign suggests that Adwind, a multifunctional backdoor which has targeted more than 450,000 individual users (including Mac lovers) since 2013, has developed a taste for business victims. The Adwind malware (also known as AlienSpy, Frutas, Unrecom, Sockrat and jRAT) appears particularly drawn to retail and distribution, with approximately one-fifth of this operation's victims falling under that category. It's also preyed upon organizations in the architecture, shipping, construction, insurance, and legal sectors. An attack begins when a business receives an email from what appears to be HSBC, one of the largest banking and finance organizations in the world. The email originates from the mail.hsbcnet.hsbc.com domain that's been active since 2013. Its message says the corresponding attachment contains payment advice for the recipient. As Kaspersky explains in an alert: "Instead of instructions, the attachments contain the malware sample. If the targeted user opens the attached ZIP file, which has a JAR file in it, the malware self-installs and attempts to communicate with its command and control server. The malware allows the attacker to gain almost complete control over the compromised device and steal confidential information from the infected computer." (Just to be clear - opening the ZIP file itself doesn't cause any harm, but opening the JAR file contained within the ZIP archive can infect computers.) Upon establishing a connection, attackers can use Adwind to steal confidential information from the infected computer. This includes critical data relating to the business.
Organizations based in Malaysia have suffered the brunt of this attack campaign thus far. But entities in the United Kingdom, Germany, Lebanon, and elsewhere are not far behind. Given Adwind's evolution (as well as its commercial availability on underground marketplaces and other dark web forums), organizations should restrict their use of Java (on which the malware is based) to a select few applications that absolutely require this software in order to function properly. If possible, companies should take their security one step further and try to isolate these applications from their other endpoints.
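
The delivery chain Kaspersky describes above (a ZIP attachment carrying a JAR) can be checked for at the mail gateway before a user ever opens it. The sketch below is an added example, not code from Kaspersky or the original article; the sample message, its addresses and its file names are constructed, and the list of Java extensions is an assumption.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions treated as Java executables (assumption for this example).
JAVA_EXTS = (".jar", ".class")


def jar_entries_in_zip(data: bytes) -> list[str]:
    """Return names of Java entries inside ZIP bytes ([] if data is not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(JAVA_EXTS)]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment filename, suspicious entry) pairs for one raw message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(JAVA_EXTS):
            findings.append((name, name))  # JAR attached directly, no ZIP wrapper
        # Sniff the content instead of trusting the extension or MIME type.
        findings += [(name, entry) for entry in jar_entries_in_zip(payload)]
    return findings


def build_sample() -> bytes:
    """Constructed message: a ZIP attachment holding one harmless '.jar' entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payment_Advice.jar", b"placeholder, not a real archive")
    msg = EmailMessage()
    msg["From"] = "advice@bank.example"
    msg["To"] = "accounts@corp.example"
    msg["Subject"] = "Payment Advice"
    msg.set_content("Please see the attached payment advice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Payment_Advice.zip")
    return msg.as_bytes()
```

Any non-empty result from `scan_message` is a reason to quarantine the message on hosts where Java is not required, which matches the article's advice to restrict Java to the few applications that need it.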