Australian Taxtime Used by Online Criminals to Infect Computer with Trojans
Up to 1 percent of approximately one million spam messages sent worldwide are now directed at Australians as they rush to file tax papers.
According to Bitdefender data, over the past month, cyber criminals initiated three separate spam campaigns impersonating the Australian Taxation Office in an attempt to infect the country’s citizens as Australia entered the tax season.
The above graphic shows the three consecutive spam campaigns where the first attack registered approximately 6,000 incidents on July 15th, followed by a second wave of some 4,000 spam e-mails on July 23rd. The third hit was also the campaign peak and occurred on the 6th of August when circa 10,000 spam e-mails were aimed at Australians. This sort of malicious outbreak is expected to continue heavier and more targeted as the taxtime approaches its deadline in October.
Attackers hope their targets are too concerned with their financial duties to double check the sender’s address and discover the con.
The bogus e-mails use slight variations of the following body message: “TAX REFUND NOTIFICATION. After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 6441.80 AUD.” Invariably, it instructs the recipients to open the attachment.
Once accessed, the attachments compromise their systems with malware that steals users’ passwords and login data to their money accounts.
For each of the three shot-lived but aggressive spam campaigns, scammers used as e-mail attachment three variants of Trojans from the notorious Fareit family.
These Trojans steal passwords from the infected system, connects to a command and control center where it sends the identification data of the compromised machine, downloads further malicious pieces among which the banking malware ZeuS and sometimes they take part in distributed denial of service attacks.
The malicious messages were sent from servers located in the United States and UK, but also in Mexico, Israel, Japan, Philippines, Hong Kong, Kazakhstan and Canada.
Spammers also use reputable Australian banks, including CitiBank, Commonwealth Bank, Bank of Melbourne, and National Australian Bank to lure users with dangerous links and malicious attachments and infect their systems with malware.
Unfortunately, urers continue to fall for the oldest trick in the spam book and click links or open attachment that infect their machines with money stealing Trojans or fill in fake forms and give away sensitive identification or card data to perfect strangers that can later on impersonate them in fraudulent acts.
This article is based on the spam samples and the technical information provided courtesy of Adrian MIRON, Bitdefender Spam Researcher; and Cristina VATAMANU & Alexandru MAXIMCIUC, Bitdefender Virus Analysts.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 23, 2021
July 22, 2021
July 20, 2021