Subj : Microsoft warns accountants of new phishing campaign amid tax per
To   : All
From : TechnologyDaily
Date : Fri Apr 14 2023 12:45:04

Microsoft warns accountants of new phishing campaign amid tax period

Date:
Fri, 14 Apr 2023 11:30:42 +0000

Description:
Hackers are targeting financial service provider firms with the Remcos 
malware.

FULL STORY
======================================================================

Microsoft is sounding the alarm over a new phishing campaign targeting 
accounting firms, tax preparers, financial services providers, and similar 
organizations in the United States. The campaign is currently at its zenith, 
given that the annual tax season in the country is reaching its end. 

That means that financial service providers and similar firms are rushing to 
meet the deadline and file annual tax returns for their clients. As a result, 
they might be reckless and/or overworked, making them an ideal target for 
hackers. 

The phishing campaign, Microsoft says, can have different goals. Some threat 
actors might use these emails to distribute infostealing malware , as 
financial service providers often hold plenty of sensitive client data which 
can be used in extortion attacks. Delivering Remcos 

Alternatively, they can always sell the data on the dark web for other threat 
actors to make use of. In other scenarios, they can use this access to 
deliver stage-two malware, run ransomware campaigns, and similar. 

Microsoft observed some threat actors using phishing techniques to deliver 
Remcos, a known remote access trojan. Read more 

> What is phishing and how dangerous is it? 


 > Everything you need to know about phishing 


 > Here's our list of the best endpoint protection services around 

"With U.S. Tax Day approaching, Microsoft has observed phishing attacks 
targeting accounting and tax return preparation firms to deliver the Remcos 
remote access trojan. 

The emails are nothing extraordinary - the attackers claim to be a client of 
the victim, sharing the documents needed to file a tax return. They share the 
documents via a link to a filesharing service provider, thus bypassing any 
email security tools the victims might have installed on their endpoints. 

If the victim ends up downloading the files, theyll find a couple of bogus 
PDF files and Windows shortcut files that, if run, ultimately deliver Remcos. 

The best way to protect against phishing is to be vigilant when receiving any 
attachments or links in emails, especially when theyre not expected. Also, 
having an antivirus solution, a firewall, and multi-factor authentication, 
will help. Check out the best identity theft protection tools right now 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/microsoft-warns-accountants-of-new-phishing-cam
paign-amid-tax-period


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.