Never click on any links in emails, SMS, and messaging platforms – especially if the message urges you to take some immediate action.
The phishing attempt starts out via a fraudulent SMS that notifies victims of a supposed reimbursement that they qualify for. According to the SMS, all they need to do to receive the reimbursement is to fill out a form on the agency's website.
When the user clicks on the link, it redirects them to a page posing as the Tax Agency and asks for their credit card details, including the CCV and PIN codes.
It's important to note that while this phishing attempt tries to mimic the agency’s real website, it really lacks most of the genuine website’s functionality. For example, it’s not possible to change the language of the site, although the option is there.
When the credit card info is entered by the user, it appears that the site processes it.
Finally, it asks victims to enter a code that they’re supposed to receive via SMS (which the victim never gets), or alternatively, to open their mobile banking app where they’re supposed to get a notification of the reimbursement.
Of course, there will be no notification or SMS code received – these are both simply parts of the phishing attack at work.
The promise of a free movie download led thousands of people into unintended malware.
Avast recently discovered a series of malicious browser extensions on the Chrome Web Store that are spreading adware and hijacked search results.