PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD




FRAUD REPORT
April 2013

As cybercriminals will have it, phishing attacks are quite the seasonal trend. It seems that every April, after showing a slight decline in phishing in the first quarter of the year, they wake up and get back to work on vast spam campaigns that take advantage of tax-filing season. This time of year brings a few flavors of spam into the mailboxes of online users, including malware attachments that appear as communications such as tax statements or unclaimed refunds.

In this special highlight, we will cover the main types of online threats we often see during the tax filing season, most of which are already rampant in the wild.

Tax Authority Phishing Themes

Although phishing is most often a direct attack, targeting account holders by presenting them with messages from their online banking provider, indirect phishing can be just as efficient, if not more. In these scams, phishers will create an email appearing to come from the local tax authority, encouraging taxpayers to browse to a (phishing) page where they will be tricked into believing they are opening an online account, updating their personal information, contesting a fraudulent statement or receiving a refund.

Phishers use the taxation entity's credibility and authority in order to ask victims to part with their personal information, address and phone details, account information, access to online and phone banking, and complete credit card details. Those attacks can be very elaborate and eventually allow criminals to devise a wider array of identity theft scenarios, including loan and credit card application, fraudulent ecommerce purchases, fraudulent tax filing, and bank account takeover.

[Figure: Tax-Themed Phishing. Elaborate phishing page designed to steal access credentials and personal financial information.]

Malware Hidden In Tax-Themed Emails

Another very popular threat during tax season is malware-laden email, purporting to come from a tax authority, usually with a threatening message urging the user to download and open an attachment. The file is actually a Trojan executable, which can sometimes be revealed by simply looking at the file extension, like in the image below. Note that the file extension is .pdf followed by .exe, a Trojan executable file.

One of the malware campaigns currently active in the wild is spreading the Brazilian Banker Trojan ("Bancos") under the guise of a message from the fiscal authority in Brazil.

[Figure: Tax-Themed Malware Spam. Email purporting to come from tax authorities, urging users to download and open an attachment.]

Here too, it is easy to see that the attached file is not really a Microsoft Word document (.docx), but rather an .exe hiding the Trojan's executable.

[Figure: Tax-Themed Malware Spam. Email purporting to come from Brazilian tax authorities, urging users to download and open the concealed Bancos Trojan.]

Online Tax-Filing Scams

Since tax authorities have been allowing taxpayers to file their annual declarations with online service providers, criminals have been increasingly interested in phishing for access credentials to victims' user accounts in hopes of rerouting the refund payments that may be due. In many cases, fraudsters check if the potential victim has already filed the return, and if not, they will proceed to filing a false declaration in the victim's name, using numbers that will result in a refund, and then attempt to have the expected payment sent to a prepaid card or an account they control.

The U.S. Internal Revenue Service reported it saw an 80% increase in tax-return fraud between 2011 and 2012, a number that is likely to continue growing.

One of the present campaigns running in the wild falsely alerts taxpayers that their return was rejected, all while delivering a Trojan attachment (.exe) in the guise of an archived file (.zip).

[Figure: Online Filing Scams. Email telling tax filers that a refund has been rejected and luring them to download a file with hidden malware.]

Taxpayer User Account Takeover Attempts

In this last example of tax-themed online threats, some criminals, usually operating locally and versed with the regional processes, will attempt to phish a taxpayer for his access credentials to the tax authority's web services.

From there, the criminals will attempt to gain insight into amounts possibly due to the victim, find out if they already filed a tax return, attempt to modify the account to which refund(s) should be sent, or in other cases, create a fake account with an online tax filing service to submit a bogus return in order to yield a refund.

The actual phishing can be carried out online, by directing taxpayers to click and browse to a hyperlink inside an email, or by opening the attack locally, as a local HTML phishing scam that will appear on the victim's PC. In the following image, the taxpayer received an HTML file inside the email containing the phishing page. The URL that appears when opening that file shows a local path on the user's PC. Once harvested, data from such standalone attacks will end up being sent to the phisher thereafter.

[Figure: Tax Authority Online Service Takeover Attempt. Email purporting to come from a tax authority, hosting a standalone phishing attack to harvest taxpayer information.]

CONCLUSION

Although phishing attack numbers can fluctuate monthly and depend on factors that are harder to predict, trends such as annual tax filing season remain rather consistent.

Tax-filing season is probably one of the most popular times of the year for phishers to hit taxpayers with spam and malware infections since tax authorities can be a driver that would make people react quickly to emotional triggers such as:

- Entitlement: expecting a tax refund and wishing to receive it ASAP
- Anxiety: being faced with the (false) accusation of a rejected/fraudulent statement and wanting to rectify the issue
- Sense of obligation: having to comply with the civil obligation to report to the taxation authorities

In terms of the time-span for this seasonal trend, tax deadlines typically fall on April 15, but fraudsters are known to begin sending this type of spam in February and continue spreading the campaigns well into May and June, in the shape of fake returns and bogus rejected/fraudulent statements. This phenomenon is often reflected in phishing attack spikes recorded annually through Q2.

Just as financial institutions have been active in educating online users, tax agencies have also started similar campaigns to warn consumers to be alert during tax season.
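The two attachment disguises this report describes, an executable behind a .pdf, .docx or .zip name and a standalone HTML phishing page that sends its data to a remote server, can both be checked for at the mail gateway. The following is an added example, not part of the original report; the extension lists, function names, sample message and URL are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative extension lists (assumptions, not exhaustive).
DECOY_EXT = {"pdf", "doc", "docx", "xls", "zip", "txt", "jpg"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}

class FormFinder(HTMLParser):
    """Collects <form> actions that submit to a remote http(s) host."""
    def __init__(self):
        super().__init__()
        self.remote_actions = []
    def handle_starttag(self, tag, attrs):
        action = dict(attrs).get("action") or ""
        if tag == "form" and urlparse(action).scheme in ("http", "https"):
            self.remote_actions.append(action)

def hidden_executable(filename):
    """True when a document-like extension is followed by an executable one."""
    parts = [p.strip().lower() for p in filename.split(".")]  # strip() catches space padding
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT

def triage(raw_message):
    """Return (filename, reason) for every suspicious attachment."""
    findings = []
    for part in message_from_string(raw_message, policy=default).iter_attachments():
        name = part.get_filename() or ""
        if hidden_executable(name):
            findings.append((name, "executable behind decoy extension"))
        elif name.lower().endswith((".htm", ".html")):
            body = part.get_content()
            if isinstance(body, bytes):  # HTML sent as application/octet-stream
                body = body.decode("utf-8", errors="replace")
            finder = FormFinder()
            finder.feed(body)
            findings += [(name, "form posts to " + a) for a in finder.remote_actions]
    return findings

def build_sample():  # constructed message; file names and URL are made up
    msg = EmailMessage()
    msg.set_content("Please review the attached statement.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="statement.pdf.exe")
    msg.add_attachment('<form action="http://collector.example/p"><input name="id"></form>',
                       subtype="html", filename="refund_form.html")
    return msg.as_string()
```

Calling `triage(build_sample())` returns one finding per disguised attachment; a name such as `notice.2013.pdf` is not flagged because its final extension is not executable.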

Phishing Attacks per Month

RSA identified 24,347 phishing attacks launched worldwide in March, marking an 11% decrease in attack volume from the previous month, yet a 27% increase year-over-year in comparison to March 2012.

[Chart: Phishing Attacks per Month, March 2012 to March 2013. Source: RSA Anti-Fraud Command Center]

Number of Brands Attacked

In March, 260 brands were targeted in phishing attacks, marking a 1% increase from February. Of the 260 targeted brands, 46% suffered five attacks or less.

[Chart: Number of Brands Attacked, March 2012 to March 2013. Source: RSA Anti-Fraud Command Center]

US Bank Types Attacked

U.S. nationwide banks saw a slight decline in attack volume in March, decreasing 6%. However, credit unions saw a relatively sharp increase, more than doubling from 8% to 17%. On occasion, phishers like to change up their attack methods and go after less targeted financial institutions, attempting to see if online/phone banking security measures with these banks could be more easily exploited.

[Chart: US Bank Types Attacked, by month, March 2012 to March 2013. Source: RSA Anti-Fraud Command Center]

Top Countries by Attack Volume

The U.S. was targeted by about half of all phishing volume in March. The UK accounted for 13% of attack volume while South Africa experienced an increase with 9% of attack volume. After the UK, the Netherlands was the country in Europe that endured the second highest attack volume in March at 5%.

[Chart: Top Countries by Attack Volume. U.S. 49%, United Kingdom 13%, South Africa 9%, Netherlands 5%, Canada 4%, 38 Other Countries 16%]

Top Countries by Attacked Brands

U.S. brands were once again most targeted by phishing in March, experiencing 27% of attack volume. Together, brands in the UK, Australia, India and Brazil accounted for 25% of attack volume.

[Chart: Top Countries by Attacked Brands. U.S. 27%, United Kingdom 12%, Australia 5%, Brazil 4%, 39 Other Countries 48%]

Top Hosting Countries

In March, the U.S. hosted just over half of all global phishing attacks, followed by Germany, Canada and the UK. Colombia hosted 3% of phishing attacks during the month.

[Chart: Top Hosting Countries. U.S. 51%, Germany 6%, Canada 5%, United Kingdom 4%, Netherlands 3%, Colombia 3%, 57 Other Countries 28%]

CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller, or visit us at www.emc.com/rsa

© 2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. APR RPT 0413