SECURITY experts are warning that a cyberattack dubbed “TACTICAL#OCTOPUS” could be lurking in your email inbox.
The scam is said to target people in the US and it’s related to tax returns.
Researchers at Securonix revealed the scam in a recent report.
They explained: “A phishing email with a password-protected zip file is delivered to the target using tax-themed lures.”
The experts have observed the “TACTICAL#OCTOPUS” scam before and have been tracking it recently.
They think cybercriminals are changing it up so the scam emails may go unnoticed.
“One noticeable difference is that the attackers have shifted from encoded IP addresses to using known, publicly available URL redirect services, in particular rebrand[.]ly.
“At the time of writing, the redirect URLs have been blocked by the redirect service.”
Cybercriminals are known to step up attacks around the time of year for tax returns and this year is no different.
The researchers added: “At this point in time it is safe to assume that the TACTICAL#OCTOPUS campaign is still ongoing and will likely continue (or shift gears) once the tax season in the US wraps up for the April 18th deadline.
“We will continue to monitor the situation and provide updates as we learn more.”
If you receive a suspicious or random email regarding your taxes you should be very cautious.
Never reveal financial or personal information unless you know you’re sharing with a legitimate and trust worthy source.
HOW TO AVOID A PHISHING SCAM
Firstly, you should be thorough when checking who the email is from.
Even if it looks official, double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address.
Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.”
You should also be wary of links in emails.
If you’re certain an email you have received is a scam, report it to your email provider and delete it.