Yes it is tax season in many countries, Scammers once again take advantage of this season. Security researchers spotted lot of spam emails purporting to be from Intuit Inc, the company that makes financial and tax preparation software.
The spam mail spotted by Sophos Security researchers:
subject: Your correct tax information is essential
Good afternoon,
With intent to guarantee that accurate information is being maintained on our systems, as well as to improve the quality of service we can provide to you; INTUIT INC. has taken part in the Internal Revenue Service [IRS] Name and TIN Matching Program.
For some reason your name and/or Taxpayer Identification Number, that is specified on your account is different from the information obtained from the IRS.
In order to check and correct the information on your account, please use the following link.
Yours sincerely,
INTUIT INC.
Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043
Intuit have published a warning message that this may be a phishing attack. Recipients who fall far this spam mail and click the link will be redirected to a malicious site infected with Blackhole exploit kit.
Symantec researchers have come across a new variant of this spam mail that also leads you to the same malicious web page.
Symantec security solutions detect the payload downloaded from this website as Trojan.Zbot, for instance, and IPS detects this web attack as “Web Attack: Blackhole Toolkit Website 14” and “Web Attack: Blackhole Exploit Kit Website 11”.
GFI Labs malware researchers have spotted another variant of this spam mail.
Security Tips from BreakTheSecurity:
- Never click the links in emails instead type the url in browser, also make you sure it is legitimate one.
- Install an Internet Security solutions and keep it up-to-date.
- Do not respond to emails asking for account, password, banking, or credit card information.
- Never download/open the attachment from unknown sources.