Microsoft has identified phishing campaigns using tax-related lures to deploy malware and steal credentials. These attacks leverage QR codes, PDF attachments, and phishing-as-a-service (PhaaS) platforms like RaccoonO365 to evade detection. Threat actors, including Storm-0249, are targeting U.S. organizations with fake Docusign pages and Microsoft 365 login screens to steal data.
Malware such as BRc4, Latrodectus, Remcos RAT, AHKBot, and GuLoader is being distributed through malicious links, email attachments, and fake security alerts. Organizations are urged to implement phishing-resistant authentication, use secure browsers, and enable network protection to block malicious domains.