Issue 126 - March 2012 (1st Edition) - Page 7
AICPA 'Tax Fraud Accusations' Malware Emails
Emails purporting to be from the American Institute of CPAs (AICPA) claims that the recipient's Certified Public Accountant license may be revoked due to accusations of tax fraud.
The emails are not from the AICPA. In fact, they are attempts by Internet criminals to trick recipients into installing malware.
Detailed analysis and references below example.
Last updated: 22nd February 2012
First published: 22nd February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Income tax return fraud accusations
Revocation of CPA license due to tax return fraud accusations
Dear accountant officer,
We have been informed of your alleged assistance in income tax infringement on behalf of one of your employees. According to AICPA Bylaw Paragraph 730 your Certified Public Accountant license can be withdrawn in case of the aiding of filing of a misguided or fraudulent tax return for your client or employer.
Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to do so within this period will result in suspension of your Accountant license.
Subject: Termination of your CPA license
Cancellation of Public Account Status due to income tax fraud accusations
Valued AICPA member,
We have received a notice of your alleged participation in income tax infringement for one of your employers. According to AICPA Bylaw Paragraph 700 your Certified Public Accountant license can be revoked in case of the act of submitting of a misguided or fraudulent income tax return for your client or employer.
Please be notified below and provide your feedback to it within 7 days. The failure to respond within this term will result in suspension of your Accountant status.
These emails, which purport to be from the American Institute of CPAs (AICPA) and arrive complete with seemingly official AICPA logos, warn recipients that their Certified Public Accountant license may be revoked due to accusations of tax fraud. The messages claim that recipients may have submitted a "misguided or fraudulent income tax return" for a client or employer. Recipients are advised to follow a link to a complaint document and provide feedback before a specified deadline to avoid license suspension.
However, the emails are certainly not from AICPA and the claims of tax fraud are simply the bait designed to trick recipients into clicking the bogus "complaint" link. Those who do follow the link will be taken to a compromised website that attempts to use an exploit
to download malware. Subject lines and other details in the malware emails vary, but the "complaint" link in all of them leads to websites that harbour malware. The scammers have used HTML to disguise the link
so that - at first glance - it appears to point to a harmless .doc Word document when in fact it points to a website.
The scammers rely on the fact that at least a few of the people who receive the scam messages will be CPAs and, of those few, some will be panicked enough to follow the link without due care and attention. And, even a few people who are not CPAs may click the link out of curiosity or because they believe that an error has been made that needs to be rectified.
The AICPA has issued an alert about the malware attack on its website, which notes
On Thursday February 16, 2012, the AICPA became aware of a fraudulent email phishing scam using an AICPA banner and referencing the recipientís possible involvement in an unlawful income tax refund activity that was sent to numerous individuals, CPAs, non-CPAs and members of the general public.
Messages may appear to come from senders such as the AICPA, Southwest Airlines, American Airlines or other well known sources including the Better Business Bureau.
This email is not from the AICPA nor from the AICPA database.
As malware campaigns go, this is a fairly sophisticated attempt. Don't be fooled! If you receive one of these emails, do not follow any links or open any attachments that it may contain.
AICPA Spam / thai4me.com
Check Links in HTML Emails
Alert: New Email Phishing Scam Uses AICPA Logo
Pages in this issue:
- Strawberry Quick Methamphetamine Warning
- Hoax Warning: Lost Child Lure - 'New Way for Gang Members to Rape Women'
- Hoax - Right To Be Connected to an Australian Phone Rep
- Hoax - Eating Shrimp and Taking Vitamin C Can Cause Death by Arsenic Poisoning
- Ashley Flores Missing Child Hoax
- Hoax - Facebook Will Pay One Dollar Per Like to Help Baby With a Face Cancer
- AICPA 'Tax Fraud Accusations' Malware Emails
- RIAA Notification of Copyright Violation Malware Email
- Giant Snake in Electric Fence Photographs
- Cruise Control Hydroplane Warning
- Facebook Gold Status Membership Advance Fee Scam
- Ectopia Cordis Sick Baby Facebook Hoax
- Hotmail Account Closure Phishing Scam
- 'Thomas Romany's Stuff' Warning Message
- Mark Zuckerberg and Apple Partnership Survey Scam