Analysis by: Franz Ryan Englis

We recently received phishing mails that take advantage of the 2015 tax season in the United States as a social engineering lure to target unwitting users. The keywords used in the phishing email include Tax Exemption Notification in the email subject.

The email body contains an image banner of the Internal Revenue Service (IRS) to appear legitimate. The message in the email goes on to tell its recipient that he/she is a 'non-resident and is exempted from the United Sates of America Tax reporting and withholding on interest paid to you on your account and other financial benefits.' The email sender then plays the Good Samaritan and says that she will 'do her best' in order to help the email recipient with the exempt status.

This is when the email sender phishes information from users by urging them to give out sensitive information by completing the W-8BEN form in the attached .PDF file.

Another email appears to come from the HM Revenue and Customs, a UK government institution. It lures users into opening the message by using the subject tax refund.

Users who fall for this lure are invited to download the form attachment, which opens in the browser. The form is a phishing page that captures information that are provided in the fields.

Tax payers must stay vigilant by learning to discern between legitimate and fake emails. Spammers are always on the lookout for people to scam by taking advantage of these timely topics.

 SPAM BLOCKING DATE / TIME: 04 March 2015 GMT-8
 TMASE
  • TMASE Engine: 7.5
  • TMASE Pattern: 1374