Post

Beware: 'Urgent Reminder' Tax Scam Targets Microsoft Credentials

As tax season peaks, scammers are exploiting urgency to steal Microsoft credentials through phishing emails. Learn how to spot and avoid these scams.

Posted
By Tom Grant
3 min read
Beware: 'Urgent Reminder' Tax Scam Targets Microsoft Credentials

TL;DR

  • Tax season brings an increase in phishing scams, including one targeting Microsoft credentials via a QR code in a PDF attachment.
  • Scammers use urgency and convincing emails to trick users into revealing sensitive information.
  • Users should verify sources, be cautious of unsolicited emails, and use security software to protect against such threats.

Beware of the “Urgent Reminder” Tax Scam

As tax season reaches its peak, scammers are leveraging the urgency to coax individuals into revealing sensitive information, particularly Microsoft credentials. One recent example involves an email with an “Urgent reminder” attachment, containing a PDF with a QR code leading to a phishing site.

The Scam in Detail

A customer recently received an email with a PDF attachment titled “Urgent reminder.” The PDF contained a QR code, purportedly from the “Tax Services Department,” urging the recipient to update their tax records to avoid penalties. The message directed users to scan the QR code or click a link to access a “secure tax portal.”

PDF Content

“Tax Services Department

Important Tax Review and Update Required by 2025-03-16!

Dear receiver,

As part of our ongoing efforts to ensure compliance with the latest tax regulations, we are conducting a mandatory review and update of your tax records. This update must be completed by 2025-03-16 to avoid any potential penalties or disruptions to your account.

To proceed with the update, please scan the QR code below with your mobile device or click the link provided to access the secure tax portal. Once logged in, follow the prompts to review and confirm your tax information.

Thank you for your prompt attention to this matter.

Tax Services Team

This is an automated message. Please do not reply to this email.”

Scanning the QR code redirects users to a phishing site, hidden through clever use of doubleclick.net redirects. Fortunately, Malwarebytes blocked the destination, protecting the user.

Blocked Site

Malwarebytes blocks fmhjhctk.ru

Disabling protection to trace the QR code’s destination revealed a bot protection step followed by a request for Microsoft credentials, with the email address pre-filled. Entering the password sends credentials to a Russian receiver, who may sell the details on the dark web or use them to access Microsoft accounts.

Phishing Site

Common Tax Scams

The IRS’s annual Dirty Dozen list of tax scams highlights common schemes threatening tax and financial information. These scams peak during tax season. One notable issue is misleading tax advice on social media, such as the non-existent “self-employment tax credit” in the US 1.

Identifying Phishing Emails

Phishing emails often display tell-tale signs of social engineering:

  • Too Good to Be True: Unexpected large tax returns are usually bait to extract personal information.
  • Urgency: Scammers create a sense of urgency to prevent victims from thinking critically.
  • Unusual Contact: The IRS rarely contacts individuals by email, and when they do, it’s for general information in ongoing cases.

Avoiding Scams

Navigating online safely requires vigilance:

  • Verify Numbers: Confirm phone numbers by visiting official sites directly.
  • Beware of Unsolicited Contact: Be cautious of unsolicited emails or calls, especially those urging immediate action.
  • Avoid Sponsored Links: Click on organic search results instead of sponsored ones.
  • Check Website Address: Ensure the URL in the address bar is correct.
  • Avoid Upfront Fees: Websites asking for small fees upfront may be trying to obtain credit card information.
  • Never Share Sensitive Information: Use secure methods on IRS.gov for sharing personal information.
  • Use Security Software: Tools like Malwarebytes Premium block phishing domains and protect your computer and financial assets.

The IRS provides a guide to help identify legitimate IRS communications.

We don’t just report on threats—we help safeguard your entire digital identity.

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

For more details, visit the full article: source

Conclusion

Tax season brings an increased risk of phishing scams. By staying vigilant, verifying sources, and using security software, individuals can protect themselves from these threats. Understanding the tactics used by scammers and the resources available from the IRS can help ensure a safer tax season.

References

  1. IRS (2025). “Dirty Dozen Tax Scams for 2025”. IRS. Retrieved 2025-04-01. ↩︎

Cybersecurity & Data Protection, Scam Protection
cybersecurity tax scams phishing
This post is licensed under CC BY 4.0 by the author.