EFTPS-Related Scam E-mails Circulating, Cautions GFI Software
According to researchers from the security company GFI Software, Internet users need to be wary of e-mails that claim to be messages from the Electronic Federal Tax Payment System (EFTPS) of the United States Department of the Treasury.
EFTPS is a free service provided on behalf of the US Department of the Treasury to citizens who want to pay federal taxes either over the Internet or by telephone.
The researchers at GFI Labs state that fake e-mails titled "Payroll declined" have recently been found hitting mailboxes.
The messages tell recipients that their batch payment could not be accepted, and that to view the transaction details, including the date, they need to follow a web link and then select their Batch Provider.
However, the web link does not lead to the EFTPS website; instead, it opens a malicious site that serves the Cridex PC worm. Cridex spreads by copying itself onto removable and mapped drives. In addition, the malware creates a backdoor that allows malicious content to be downloaded onto the hijacked PC.
Reportedly, the researchers attribute the cyber-criminals' misuse of EFTPS' name in their malicious e-mails to the fact that such e-mails are likely to draw the immediate attention of payroll processors. Moreover, if the crooks also manage to infect the computer of the person handling payroll, they can gain access to a large amount of sensitive data and then use it to commit identity fraud.
Meanwhile, besides GFI Software, another security company, Webroot, also detected the e-mail scam abusing EFTPS' name. The malware served through the scam e-mails that Webroot found is the same, i.e. Worm:Win32/Cridex.E. Webroot's security researchers state that following successful client-side exploitation, 25 of VirusTotal's 46 anti-virus engines could detect the worm.
Finally, e-mail scammers have exploited EFTPS' name before in their malicious campaigns: in August 2012, fake e-mails targeted consumers, telling them that their federal tax payment made electronically via EFTPS could not be accepted and that they needed to open a web link to get the transaction report. On clicking the link, however, malicious software was installed onto the affected PC.
» SPAMfighter News - 25-01-2013