{"id":6143,"date":"2012-02-25T14:41:05","date_gmt":"2012-02-25T21:41:05","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=6143"},"modified":"2018-01-30T13:03:17","modified_gmt":"2018-01-30T20:03:17","slug":"spamvertised-termination-of-your-cpa-license-campaign-serving-client-side-exploits","status":"publish","type":"post","link":"https://www.webroot.com/blog/2012\/02\/25\/spamvertised-termination-of-your-cpa-license-campaign-serving-client-side-exploits\/","title":{"rendered":"Spamvertised &#8216;Termination of your CPA license&#8217; campaign serving client-side exploits"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/02\/cpa_license_exploits.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter  wp-image-6144\" title=\"CPA_license_exploits\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/02\/cpa_license_exploits.png\" alt=\"\" width=\"327\" height=\"226\" \/><\/a><\/p>\n<p>Cybercriminals are currently spamvertising <em>&#8216;Termination of your CPA license<\/em>&#8216; emails, enticing users into clicking on a malicious link supposedly redirecting to the <strong>complaint.pdf<\/strong> file.<\/p>\n<p>More details:<\/p>\n<p><!--more--><\/p>\n<p>The malicious attackers are also spamvertising a second variation of the campaign, this time using &#8216;<em>Your accountant license can be revoked.<\/em>&#8221; as a subject of the campaign.<\/p>\n<p><strong>Sample subjects:<\/strong>\u00a0<em>Termination of your CPA license;\u00a0Your accountant license can be revoked;\u00a0Your accountant CPA license termination;\u00a0Income tax return fraud accusations<\/em><\/p>\n<p><strong>Sample message:<\/strong>\u00a0<em>Cancellation of Public Account Status due to income tax fraud allegations.\u00a0Dear accountant officer,We have received a notice of your alleged assistance in income tax return infringement for one of your clients. According to AICPA Bylaw Subsection 700 your Certified Public Accountant license can be withdrawn in case of the occurrence of submitting of a misguided or fraudulent tax return on the member&#8217;s or a client&#8217;s behalf.Please be notified below and respond to it within 14 days. The failure to provide the clarifications within this time-frame will result in withdrawal of your Accountant license.<\/em><\/p>\n<p>Once users click on the link, they are redirected to <strong><a href=\"https:\/\/www.virustotal.com\/url\/fd6baf606473d057b7b9209f50699a7914d3de45c77cbc843892083f5b76af27\/analysis\/1330021897\/\">a compromised URL<\/a><\/strong> where the malicious attackers are attempting to serve client-side exploits to the unsuspecting victims.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/02\/cpa_license_exploits_01.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter  wp-image-6146\" title=\"CPA_license_exploits_01\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/02\/cpa_license_exploits_01.png\" alt=\"\" width=\"568\" height=\"323\" \/><\/a><\/p>\n<p>End and corporate users are advised to avoid interacting with the emails, report them as spam\/malicious, and ensure that they&#8217;re browsing the Web while using antimalware protection, and <strong><a href=\"http:\/\/www.mozilla.org\/en-US\/plugincheck\/\">browser plugins<\/a><\/strong>.<\/p>\n<p><em>You can find more about Dancho Danchev at his\u00a0<strong><a href=\"http:\/\/nl.linkedin.com\/in\/danchodanchev\">LinkedIn Profile<\/a><\/strong>. You can also\u00a0<strong><a href=\"http:\/\/www.twitter.com\/danchodanchev\">follow him on \u00a0Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are currently spamvertising &#8216;Termination of your CPA license&#8216; emails, enticing users into clicking on a malicious link supposedly redirecting to the complaint.pdf file. More details:<\/p>\n","protected":false},"author":65,"featured_media":17048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3485,9925,9919,3881,9563,9929,9921,9931,7041,9917,9923,4065,9447,6531,7215,9927,9915,9913,3529,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6143"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=6143"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6143\/revisions"}],"predecessor-version":[{"id":23878,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6143\/revisions\/23878"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17048"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=6143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=6143"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=6143"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=6143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}