2015 Tax Season Spam Used to Download TorrentLocker Ransomware

Cybercriminals have been taking advantage of tax season for years, and 2015 is no different. Earlier this month we've received samples of two ongoing spam campaigns socially-engineered to take advantage of taxpayers from the United Kingdom as well as those from the ANZ region. While the former is fairly typical - a socially-engineered spammed mail that leads to a phishing page - the second is one to take note of, as it leads to an infection of notorious cryptoransomware Torrentlocker.

The first spam campaign sample, targeting taxpayers from the UK, starts by passing itself off as an official notification from the HM Revenue and Customs, a UK government institution. It directs users to open a form attachment, which leads them to a phishing page that asks for personal information (name, address, credit card numbers, PIN).

[READ: Scammers Plague 2015 Tax Season]

The second spam campaigns sample, this time targeting ANZ taxpayers, purports itself to be from the Office of State Revenue. It directs users to click on a button that leads them to a phishing page. This page also downloads a strain of Torrentlocker onto their systems, namely TROJ_CRILOCK.XWE. Should users get infected by this particular ransomware, they may find their important files and documents encrypted and held for ransom.

[READ: TorrentLocker Takes Advantage of 2015 Tax Season]

To avoid becoming victim to these threats, users need to recognize that seasonal events (such as tax season) always has socially-engineered threats like these. The same goes for any big worldwide events or controversial news (world Cup, Olympics, celebrity deaths). From there, it's a matter of not opening suspicious emails that ask you to click on links or opening archives. If you must open a similar mail like the examples above, then verify with the organization first before doing so (either by visiting them directly or asking them about the mail on their hotline). Lastly, a security solution that blocks these threats before they can even reach your inbox is essential.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.