As Tax Day approaches on April 15, cyber criminals are increasingly active, using the opportunity to target individuals and businesses through phishing schemes disguised as communications from the IRS. Microsoft Security reports that many of these deceptive campaigns utilize link shorteners and malicious QR codes, a method referred to as 'quishing.' One notable scheme involved attackers mimicking DocuSign emails with links leading to malware. Users were lured into downloading a JavaScript file that ultimately installed dangerous malware on their systems.
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection.
If access was permitted, the user received a JavaScript file from Firebase, a platform sometimes misused by cybercriminals to host malware.
Collection
[
|
...
]