A new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS. Barracuda Networks last month flagged a “critical alert” when it detected attack attempts to steal user passwords. This threat lures victims with Microsoft 365 Office files claiming to be tax forms or other official documents; attackers use urgent language to convince people to open the attachment.
Examples of this tactic include files named “taxletter.doc” and phrases like “We are apprising you upon the arisen tax arrears in the number of 2300CAD.” The use of popular file types like Word and Excel, which are globally known and used, further ensures victims will fall for it.
In this case, users are hit with the password stealer when they download and open the malicious document. When the document opens, a macro inside launches PowerShell, which acts in the background while the victim views the document.
Read more about these phishing emails that have already affected tens of millions of people, while attackers evade detection by crafting different emails, on DarkReading.