Someone’s Spreading Ransomware by Pretending to be the IRS

A recently discovered threat actor is pretending to be the IRS in order to spread ransomware. The phishing email has been shared online, and its body reads as follows:

“The Internal Revenue Service (IRS) is the revenue service of the United States government. The government agency is a bureau of the Department of the Treasury. The IRS is responsible for collecting taxes and administering the Internal Revenue Code, the federal statutory tax law of the U.S. Our duty is to maximize tax revenue, as well as pursuing and resolving instances of erroneous or fraudulent tax filings.

Owing to changes of tax laws of the United States of America of June 21, 2017, any business activity of resident or non-resident citizens of the United States of America abroad, in particular the belonging of offshore companies, equity participation and offshore capitals, is transferred under special control of the Federal Bureau of Investigation.

FBI requires a completed questionnaire here with absolutely reliable information. The questionnaire should be printed, filed out, and signed in the specified places, scanned and sent within 10 days from the reception of this letter.”

Given what’s available on the Dark Web, and Microsoft’s dominant market share on the desktop, the ransomware likely exploits Windows vulnerabilities.

How to Spot Suspicious Messages

In 2017, I hope that most Americans are aware that if the IRS wanted documentation from them, it would contact them by snail mail or ask them to visit its website to download a PDF from there. If the FBI were investigating you and you were ever notified, it’d likely be through law enforcement. The FBI certainly doesn’t investigate financial fraud by contacting its suspects through the IRS like this. And the FBI doesn’t do any of the IRS’s routine (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog