A new phishing campaign is exploiting tax season, targeting financial organizations and individuals globally. Attackers are impersonating tax agencies and financial institutions to steal credentials and spread malware.
The incident
Multiple phishing campaigns are impersonating legitimate entities like HM Revenue & Customs (HMRC), Intuit (US), and myGov (Australia). These emails mimic official branding and language to appear authentic, tricking recipients into believing they are from trusted organizations.
Typically, these emails contain malicious links or attachments and claim that victim’s tax account requires urgent updates or that a tax form has been rejected. Victims are then directed to fraudulent websites designed to steal credentials. Tax season scams are particularly effective due to their timing and urgency, pressuring recipients to act quickly often without verifying legitimacy.
How to spot the phishing email?
DownloadImpact of the incident
This campaign has impacted thousands of organizations across multiple countries including US, UK, Australia, Switzerland etc. In January 2025, 40,000 Intuit-themed phishing emails were sent in the US alone. Meanwhile, in Switzerland, fraud campaigns impersonated federal tax authorities, requesting bogus payments to adversary-controlled Revolut accounts.
How to stay safe?
- Carefully examine the sender’s email address. Even if the name looks correct, the domain (e.g., “hmrc.gov.uk” vs. “hmrcc.gv.uk”) might differ slightly and indicate a fraudulent email.
- Do not click links or download attachments from suspicious emails, even if they appear to be from legitimate tax agencies like HMRC, Intuit, or myGov.
- If you receive a suspicious email, contact the agency directly through official channels (e.g., their customer support) to verify the claim.
- When you receive a suspicious email, report it to your email provider or the official tax agency.
Source
New Malware Campaign Mimic Tax Agencies Attacking Financial Organizations
