A new tax refund phishing campaign spotted targeting Greeks

September 15, 2022

Greek taxpayers are the latest target of a phishing campaign that impersonates a tax refund website to steal banking credentials. On the fake tax refund platform, victims are tricked into entering their online banking details, supposedly to verify their identity and authorise the refund.

What distinguishes this campaign is that victims do not need to press the submit button on the malicious site at all. The threat actors have engineered the pages to capture the details while they are still being typed, so the attack succeeds even if a victim changes their mind partway through the process.


Targeted taxpayers receive a phishing email, purportedly from the Greek Tax Office, stating that they are due a tax refund but must first verify their identity.


The email instructs the victim to click the embedded link, which leads to the fake tax refund website, and to log in there for identity verification and to authorise the refund. Researchers who examined the malicious email noted that the attackers used several different phishing URLs, an obvious red flag.

The fake tax portal lists seven major Greek banks and instructs the victim to select the one they bank with. Each selection redirects the victim to another page hosted on the same phishing domain, where they are asked to enter their online banking credentials.

Using a JavaScript keylogger, the threat actors capture the page contents along with every keystroke the victim makes and forward them to a remote server. This keylogging technique lets the attackers harvest the credentials even if the victim abandons the form halfway through and never submits it.

Browser features that block third-party trackers offer no protection in this campaign: the JavaScript keylogger still loads and runs as intended even with such blockers enabled.

Security experts note that this technique, while uncommon in phishing against Greek taxpayers so far, could mark the start of a new trend among cybercriminals. Because credentials are captured as they are typed, the campaign's success rate is higher than that of typical phishing schemes, raising the risk to people's safety online.

As threat actors grow more sophisticated in their methods, users must be correspondingly more alert to attempts against them. Unexpected emails from unfamiliar senders should always be treated with suspicion.

It is also wise to ignore the links in such emails and instead go directly to the official website to confirm whether the claims in the message are genuine.
