Malware and Phish Alert - Canada Revenue Agency
Description
There is currently an email message circulating that has been received by multiple users with the subject "Track your Tax Refund." or similar. The message appears to be from "Canada Revenue Agency", with the address "tax.contact@cra.ca" The message reports that you are eligible to recieve a tax refund.
From: Canada Revenue Agency <tax.contact@cra.ca>
Subject: Track your Tax refund.
To: username@uregina.ca
Canada Revenue Agency
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund.
Please track your refund.
Continue to Sign-In Partner [link to external website not run by CRA].
My Account allows you to track your refund, view or change your return, check your benefit and credit payments, view your RRSP limit, set up direct deposit, receive online mail, and so much more.
© Copyright 2017, Canada Revenue Agency
Impact
The link to the provided in the email address attempts two seperate attack vectors.
1. The website attempts to infect any visitor with malware. Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.
Once installed on your computer, these programs can seriously affect your privacy and your computer's security. In this case, the website will attempt to infect your workstation with MAL/HTMLGen-A.
2. Redirects you a fraudlent CRA Portal which requests credentials. Phishers use many different tactics to lure you, including email and web sites that resemble well-known, trusted institutions. A common phishing practice involves spamming recipients with a fake message under the name of a trusted institution. The purpose of this fake message is to trick you into providing personal information, such as user name and password.
Most of these messages were marked as spam, but several reached end user inboxes.
Resolution
- Go to the Information Services homepage at http://www.uregina.ca/is and click "Change Password" in the Quicklinks on the right side.
- Additionally, if malware protection is not installed, up to date/current, or is not running, it is recommended that you ensure a malware scan has been completed.
Resources
See the Phishing Resources page.
See the Malware Resources page.
See CRA's fraud protection page.
See Canadian Anti-Fraud Centre's Tax Scams page.
Please contact the IT Support Centre if you require assistance:
Phone 306-585-4685
Email IT.Support@uregina.ca
Webform http://www.uregina.ca/is/forms/ticket.html