This PIT-28 is a trap. CERT warns – do not be fooled by e-mails from the "treasury"
CERT, or Computer Emergency Response Team, is an organization created by DARPA whose task is to supervise Internet traffic and monitor threats. CERT Polska operates in cooperation with NASK. This time, the team of Internet security guards is warning about e-mails related to tax settlements.
PIT-28 is one of the more popular forms in our country. It is used to settle income tax under the lump-sum method on recorded revenues. Such a document appeared in the e-mails that CERT warns against.
CERT has published a warning about e-mails carrying malware on its Twitter and Facebook accounts. This time, the pretext for the attack is tax settlement season. The hackers impersonate the Ministry of Finance. Their task is made easier because, under the regulations, tax offices settle taxpayers' accounts and fill in their tax declarations for them. Of course, you can opt out of this service, but many people rely on settlement by the office, and they can fall victim to the hackers.
We warn you against an interesting e-mail campaign urging you to install malware on your computer …
The hackers impersonate the Ministry of Finance, informing the recipient about the submission of a PIT-28 declaration and urging them to download the so-called UPO, i.e. the official confirmation of receipt. Who will resist the information that only the UPO confirms submission of the declaration and must be kept for 5 years? Meanwhile, it's a trap. The UPO takes the form of a PDF, and the PDF contains a surprise: a VBS script, which launches the download of the BrushaLoader malware. The next step is the installation of the malicious ISFB / Ursnif banking software. Ursnif steals system information and tries to steal credentials for bank and online accounts.
PIT-28 is not the most popular type of form; Polish taxpayers are more often settled using PIT-37. However, there is method in the hackers' choice. A curious victim may want to open the document, convinced that there has been a mistake. This time it can be a very expensive mistake.