Windows Users Given 24-Hour Warning As Attackers Strike

Windows Users Given 24-Hour Warning As Attackers Strike

As the April 15 deadline for filing taxes in the U.S. draws near, threat actors are using a clever tactic to try and hack Microsoft account passwords. With just 24 hours left on the clock, Windows users have been issued a warning: be cautious of phishing attacks that promise tax refunds or urgent notifications from the IRS.

According to Peter Arntz, a malware intelligence researcher at Malwarebytes, attackers are exploiting the stress and urgency surrounding the tax deadline to trick people into revealing their Microsoft account credentials. The attack starts with an email containing an attachment titled "urgent reminder" and claims to be a tax review and update reminder.

Arntz warns that if you scan the malicious QR code contained within the PDF file, you'll be asked to enter your Microsoft account credentials, which will then be sent to a Russian receiver who will decide how to use them. "Entering your password will send your credentials to a Russian receiver," Arntz said. "Who will decide what the most profitable way to use them is."

But don't think this threat only affects Windows users or those with an extension to file their taxes on a different date. This phishing attack will continue to pose a danger to all users for months to come, thanks to the use of AI-generated notifications and text message threats delivered via smartphone farms.

"When it does [the IRS contacts you by email], it is only to send general information and in an ongoing case with an assigned IRS employee," Arntz advised. "The IRS itself has a dedicated site to help you recognize tax scams and fraud, whether you're a Windows user or not."

Malwarebytes advises being alert to messages promising unexpected tax refunds as well as urgent notifications with a "click here" to complete your tax return. If you receive such an email, do not click on the link. Instead, report it to the IRS and Microsoft immediately.

I'd recommend reading the IRS's dedicated site to help you recognize tax scams and fraud, whether you're a Windows user or not. It's always better to be safe than sorry when it comes to protecting your online accounts from cyber threats.