Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









AICPA 'Tax Fraud Accusations' Malware Emails

Outline
Emails purporting to be from the American Institute of CPAs (AICPA) claims that the recipient's Certified Public Accountant license may be revoked due to accusations of tax fraud.



Brief Analysis
The emails are not from the AICPA. In fact, they are attempts by Internet criminals to trick recipients into installing malware.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 22nd February 2012
First published: 22nd February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples
Subject: Income tax return fraud accusations

Revocation of CPA license due to tax return fraud accusations

Dear accountant officer,

We have been informed of your alleged assistance in income tax infringement on behalf of one of your employees. According to AICPA Bylaw Paragraph 730 your Certified Public Accountant license can be withdrawn in case of the aiding of filing of a misguided or fraudulent tax return for your client or employer.

Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to do so within this period will result in suspension of your Accountant license.

Complaint.pdf

Subject: Termination of your CPA license

Cancellation of Public Account Status due to income tax fraud accusations

Valued AICPA member,

We have received a notice of your alleged participation in income tax infringement for one of your employers. According to AICPA Bylaw Paragraph 700 your Certified Public Accountant license can be revoked in case of the act of submitting of a misguided or fraudulent income tax return for your client or employer.

Please be notified below and provide your feedback to it within 7 days. The failure to respond within this term will result in suspension of your Accountant status.

Complaint.doc




Detailed Analysis
AICPA Malware Email
These emails, which purport to be from the American Institute of CPAs (AICPA) and arrive complete with seemingly official AICPA logos, warn recipients that their Certified Public Accountant license may be revoked due to accusations of tax fraud. The messages claim that recipients may have submitted a "misguided or fraudulent income tax return" for a client or employer. Recipients are advised to follow a link to a complaint document and provide feedback before a specified deadline to avoid license suspension.

However, the emails are certainly not from AICPA and the claims of tax fraud are simply the bait designed to trick recipients into clicking the bogus "complaint" link. Those who do follow the link will be taken to a compromised website that attempts to use an exploit to download malware. Subject lines and other details in the malware emails vary, but the "complaint" link in all of them leads to websites that harbour malware. The scammers have used HTML to disguise the link so that - at first glance - it appears to point to a harmless .doc Word document when in fact it points to a website.

The scammers rely on the fact that at least a few of the people who receive the scam messages will be CPAs and, of those few, some will be panicked enough to follow the link without due care and attention. And, even a few people who are not CPAs may click the link out of curiosity or because they believe that an error has been made that needs to be rectified.

The AICPA has issued an alert about the malware attack on its website, which notes:
On Thursday February 16, 2012, the AICPA became aware of a fraudulent email phishing scam using an AICPA banner and referencing the recipientís possible involvement in an unlawful income tax refund activity that was sent to numerous individuals, CPAs, non-CPAs and members of the general public.

Messages may appear to come from senders such as the AICPA, Southwest Airlines, American Airlines or other well known sources including the Better Business Bureau.

This email is not from the AICPA nor from the AICPA database.
As malware campaigns go, this is a fairly sophisticated attempt. Don't be fooled! If you receive one of these emails, do not follow any links or open any attachments that it may contain.

Bookmark and Share References
AICPA Spam / thai4me.com
Check Links in HTML Emails
Alert: New Email Phishing Scam Uses AICPA Logo

Last updated: 22nd February 2012
First published: 22nd February 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer