February 25, 2012Blog Staff By Blog Staff

Spamvertised ‘Termination of your CPA license’ campaign serving client-side exploits

Cybercriminals are currently spamvertising ‘Termination of your CPA license‘ emails, enticing users into clicking on a malicious link supposedly redirecting to the complaint.pdf file.

More details:

The malicious attackers are also spamvertising a second variation of the campaign, this time using ‘Your accountant license can be revoked.” as a subject of the campaign.

Sample subjects: Termination of your CPA license; Your accountant license can be revoked; Your accountant CPA license termination; Income tax return fraud accusations

Sample message: Cancellation of Public Account Status due to income tax fraud allegations. Dear accountant officer,We have received a notice of your alleged assistance in income tax return infringement for one of your clients. According to AICPA Bylaw Subsection 700 your Certified Public Accountant license can be withdrawn in case of the occurrence of submitting of a misguided or fraudulent tax return on the member’s or a client’s behalf.Please be notified below and respond to it within 14 days. The failure to provide the clarifications within this time-frame will result in withdrawal of your Accountant license.

Once users click on the link, they are redirected to a compromised URL where the malicious attackers are attempting to serve client-side exploits to the unsuspecting victims.

End and corporate users are advised to avoid interacting with the emails, report them as spam/malicious, and ensure that they’re browsing the Web while using antimalware protection, and browser plugins.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

3 Responses to Spamvertised ‘Termination of your CPA license’ campaign serving client-side exploits

  1. Pingback: Feb 28, 2012, Episode 250 «

  2. Pingback: Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware « Webroot Threat Blog

  3. Pingback: Spamvertised AICPA themed emails serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Leave a Reply

Your email address will not be published. Required fields are marked *