In the second quarter of 2019, Kaspersky experts discovered multiple emails pretending to be offering tax recovery offers worldwide. Tax authorities around the world have set a deadline for tax returns and refunds in many countries. Criminals have tried to exploit this phenomenon to steal valuable information or install dangerous spyware in some cases. These and other findings were revealed in Kaspersky's report on spam and phishing messages for the second quarter of 2019.

Spam and phishing messages usually contain links that lead users to a seemingly official web page, but created by fraudsters who aim to steal different types of personal information. These messages often exploit seasonal activities to beat their victims with more powerful tricks than usual, given that there is little awareness about them compared to the usual threats. In cases of temporary disguise, scammers can use one of the most effective social engineering techniques, namely, to determine the time required to execute what is required, and to justify it by linking it to real-life conditions, making the victim inclined towards spontaneous decisions.

The spate of tax fraud fraud came under the guise of tax recovery letters with close expiration dates. For example, exploiters used major tax services in Britain to delude victims of the need to follow a link and fill out the form that leads to it immediately, while e-mails received under the guise of the Canadian Government Revenue Authority gave the recipient only 24 hours to respond, otherwise A tax refund will not be possible.

An example of a disguised phishing page as a tax refund form of the Canadian Revenue Authority

In addition, some emails analyzed by Kaspersky experts included malicious attachments disguised as copies of the recovery model, while in fact they are either a malicious downloader to download more malware to users' computers when the file is run, or a backdoor (multifunctional malware) Allows criminals to remotely access the infected device. Malicious file capabilities include monitoring keystrokes on the keyboard, stealing passwords for browsers, Windows accounts, and recording video from a computer camera. Fraudsters make sure the malicious file looks like a zip file that contains important information for tax model updates to convince users to run it.

Kaspersky security researcher Maria Fergus said that spam-phishing and phishing messages, which are associated with certain seasons, could become "highly effective," explaining that the arrival of such messages in the inbox "is often expected and anticipated." Unlike most fraudulent “unique offer” frauds to consumers, she added: “The deceived victim may not realize that she has been cyberattacked and that she has disclosed access credentials to her accounts or email until it is too late and the consequences occur. In having sweet Not only does it prevent malware from running and notifying the user of its threat, but it also includes spam and phishing filters that prevent it from appearing in your inbox. "


In the second quarter of 2019, the amount of spam peaked in May, at 58%. The share of spam in the global e-mail traffic was 55%, an increase of 5% over the second quarter of 2018. The total number of phishing attacks in the second quarter of this year increased by 21% compared to a year ago. It reached 129,933,555 attacks. In the second quarter, China became the most common source of spam, 23.72%, surpassing the United States (13.89%) and Russia (4.83%).

Kaspersky advises users to take the following measures to avoid stealing their personal information and preventing malware attachments:

· Always check the link address and email of the sender before clicking anything that accesses the email.

· Check if the link address can be seen in the email, and it is the same as the actual address the user will take to. This can be verified by hovering the mouse over the link.

· Avoid downloading email attachments that come from unfamiliar email addresses before checking them with an advanced security solution. If the email looks intact, it is best to check this by accessing the website of the person who supposedly sent it.

· Never share sensitive data with third parties, such as login credentials, passwords, bank card data, etc. Companies and banks will never request such data via e-mail.

· Use a trusted security solution with behavior-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block spam and phishing attacks and prevent malicious files from running.