Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits

As tax season approaches, the prevalence of scams increases, with scammers exploiting opportune moments when people may be less vigilant. These scams often involve sophisticated techniques such as VIP impersonation, where attackers mimic high-ranking executives to gain credibility, and tax-themed phishing attacks that impersonate services like DocuSign to steal credentials. Sublime's detection systems, which use machine learning and a variety of signals to identify malicious intent, have intercepted multiple scams this year, including those using newly registered domains and urgent language to trick targets. One highlighted scam involved malware delivery via a fake PDF linked to a tax assistance request, while another utilized QR codes in a multi-step process to harvest credentials. The text emphasizes the importance of being cautious of these layered attacks, which often begin with seemingly innocuous emails, and highlights the role of technological solutions in identifying and mitigating such threats. Sublime offers AI-powered detection tools to help individuals and organizations protect themselves from these evolving email-based threats.