Attacks/Breaches

12/13/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users

New phishing email scam targets Hotmail users using IRS as bait.

WASHINGTON — The Internal Revenue Service today warned taxpayers and tax professionals of a new email scam targeting Hotmail users that is being used to steal personal and financial information.

The phishing email subject line reads: “Internal Revenue Service Email No. XXXX | We’re processing your request soon | TXXXXXX-XXXXXXXX”. The email leads taxpayers to sign in to a fake Microsoft page and then asks for personal and financial information.

The IRS has received over 900 complaints about this new phishing scheme that seems to exclusively target Hotmail users. The suspect websites associated with this scam have been shut down, but taxpayers should be on the lookout for similar schemes.

Individuals who receive unsolicited emails claiming to be from the IRS should forward it to [email protected] and then delete it. It is important to keep in mind the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. For more information, visit the “Tax Scams and Consumer Alerts” page on IRS.gov.

The IRS reminds tax professionals to be aware of phishing emails, free offers and other common tricks by scammers. Tax professionals who have data breaches should contact the IRS immediately through their Stakeholder Liaison. See Data Theft Information for Tax Professionals

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14339
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14340
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14342
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14343
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.