September 11, 2009, 7:12 AM — The deadline for U.S. taxpayers who have accounts with foreign banks is September 23, and spammers can’t let the date slip by without at least trying to leverage it to extract financial information from e-mail users.
Spammers are sending fake notifications to convince recipients that they have underreported or unreported income that must be reconciled for tax reasons, according to a post on Symantec’s security blog. Included with the e-mail is a link to download a file called “tax-statement.exe” that is really malware called Downloader, which installs itself on PCs and opens a communications line so that Trojans can be installed without detection.
The spam message is very specific; it tells recipients of their responsibility to pay taxes in full and on time, and also directs them to “download and execute” their tax statement from a look-alike IRS Web site, which serves up the malware leading to infection. The message even purports to include a link to the IRS’ privacy policy.
While many PC users expect bogus e-mails during tax time, this well-crafted campaign may catch people by surprise. The IRS offers tips on detecting scams; the fact that the IRS doesn’t contact taxpayers via e-mail should be the first clue that such messages are always bogus.