Microsoft has identified a large-scale phishing campaign targeting tax season activity that has affected 29,000 users. The attacks use fraudulent IRS-themed emails masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening malicious content.
The campaign deploys Remote Monitoring and Management (RMM) malware after successfully compromising user credentials. Microsoft's warning comes as the U.S. tax filing season creates heightened urgency around tax-related communications, making users more susceptible to social engineering tactics.