
US-CERT has issued a warning about a spear-phishing attack claiming to come from the United States Tax Court:
US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be petitions from the US Tax Court. These messages appear to be legitimate because they may contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the petition, but if a user clicks on this link, malicious code may be installed on the system.

We have recently seen other attacks claiming to be subpoenas. Now I was wondering: if this were an attack aimed at Belgium, how would it be targeted? I know that our online tax system was getting an upgrade. Of course, they did this just after everyone got their tax form, so people got an error page instead of a functional website. I would just send, to as many .be email addresses as possible, an official-looking email claiming that the site was up again and that people could proceed to the website by following a link.

US-CERT encourages users to do the following to help mitigate the risk:
- Review the alert posted by the United States Tax Court regarding this issue.
- Do not follow unsolicited web links received in email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
- Install anti-virus software and keep virus signature files up to date.

Of course, a critical person would think: how does the government know my private email address (which I never provided)? But a lot of naive people would fall for this trap. So planning those upgrades correctly takes on a whole other dimension. There are a lot of other possibilities, as is always the case with social engineering.