Torrentlocker Takes Advantage of Tax Season

Posted Mar 10, 2015

Even though we’re nearing the deadline for tax season within the US and abroad, I still want to mention this in case anyone sees this particular threat out there. It seems that taxes are becoming a noticeable, though small, target in the UK, Australia and New Zealand areas.

A TorrentLocker-infused scam takes advantage of the unlucky for the 2015 tax season.

It seems that there is just no shame whatsoever in how cybercriminals conduct business. There are two different phishing campaigns of note. The first involves those living in the UK and a message from the HM Revenue and Customs agency. Messages are sent that alert the unfortunate citizen that they might have overpaid their taxes. That would certainly be welcome, if it were legitimate.

Downloading the attachment, unsurprisingly, is a very bad thing. It leads to a web page that mirrors some elements of the legitimate HM Revenue and Customs page and asks for information so that you can get your tax return. Instead, it captures your information, and your money gets stolen.

At least they’re smart enough to have asked for only a debit card.

The second phishing campaign affects people in the ANZ region. The attackers in this case are leveraging the unique capabilities of the TorrentLocker ransomware in order to extort money instead of the usual stealing of information. Very interesting indeed.

Again, a message seems to be sent from an official government source, the State Debt Recovery Office, citing that your taxes are being reassessed and that you may owe a penalty. Certainly bad news, and something that I think I might even at least open to view the message.

Clicking the "more information" button only downloads the TorrentLocker ransomware onto your system and doesn’t tell you about the reassessment at all. Your files will be locked, and the key to unlock them is stored on an as-yet-unknown server somewhere.

Looking at the email, though, should provide some nice clues as to its legitimacy. You see those ‘=’ symbols used in the text seemingly randomly? That might be a sign that it isn’t legitimate; even an email using a different character encoding method shouldn’t produce such errors. A government agency also shouldn’t have such blatant errors in their official correspondence. Generally an email is a precursor to a phone call in most areas anyway.
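
The stray ‘=’ signs described above look like leftover quoted-printable encoding, which is an assumption, since the post does not name the cause. As an added example (not from the original post), this Python check decodes each text part the way its headers declare and reports any such markers that survive; the function name and both sample messages are constructed for illustration.

```python
import email
import re
from email import policy

# Quoted-printable markers that should never survive correct decoding:
# "=" followed by two hex digits (an escaped byte) or "=" ending a line
# (a soft line break). Query strings such as "id=20" can also match, so
# treat hits as a prompt for review, not a verdict.
QP_RESIDUE = re.compile(r"=(?:[0-9A-F]{2}|\r?$)", re.MULTILINE)


def qp_residue_hits(raw_message: bytes) -> list[str]:
    """Return leftover quoted-printable markers in the decoded text parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() applies the declared transfer encoding and charset,
        # so anything matching here is what the recipient actually sees.
        text = part.get_content()
        hits.extend(m.group(0).strip() for m in QP_RESIDUE.finditer(text))
    return hits


# Constructed sample: the body is quoted-printable text, but the header
# declares 7bit, so the "=" markers reach the reader undecoded.
SUSPICIOUS = (
    b"From: notices@example.invalid\n"
    b"Subject: Penalty reassessment\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"Content-Transfer-Encoding: 7bit\n"
    b"\n"
    b"Your taxes are being re=\n"
    b"assessed and you may owe=20\n"
    b"a penalty.\n"
)

# Same constructed body with the correct header: it decodes cleanly.
CLEAN = SUSPICIOUS.replace(b"7bit", b"quoted-printable")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(name, qp_residue_hits(raw))
```
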

If you’re unsure about such emails because of your actual tax situation, then please call your respective tax offices to confirm the legitimacy of emails before proceeding. And don’t hesitate to report such things to those agencies either.
