SecureMac, Inc.

Checklist 323: The Principal and the Thief

April 10, 2023

Two new tax malware attacks—and the sad story of a principal who thought she was talking to Elon Musk

Checklist 323: The Principal and the Thief

On The Checklist this week:

  • Tax season malware attack
  • Tax season malware attack, eFile edition
  • Don’t blame this one on Elon

Phishing email delivers malware

We talked about 2023 tax scams back on Checklist 319. But a new one has cropped up—and it’s definitely worth knowing about.

A threat actor called Tactical#Octopus is sending out tax-themed emails to spread malware, according to reporting in The Register on new research by cybersecurity firm Securonix.  

The Register piece explains that the bad guys are sending “…emails containing a password-protected zip file (with the password included in the body of the email) with names that sound like they could be tax-related, such as or”

The unzipped documents contain a .lnk file that acts as a shortcut to malware capable of “capturing clipboard data and recording keystrokes.”

Be on the lookout for this malware threat during tax season—and as always, if you receive files or attachments from unknown senders, don’t open them!

PSA for Windows users

To continue with tax-themed malware stories, AppleInsider is warning that the official, IRS-authorized eFile website has been serving up “malware to visitors for weeks.”

According to AppleInsider, as recently as April 1 was prompting users to install a Windows botnet Trojan.

The good news for our listeners? There’s no sign that this threat affected macOS or iOS users. However, given the prevalence of Windows systems, as well as the large number of Mac owners who also use Windows computers from time to time, we wanted to sound the alarm about this tax season malware threat on The Checklist.

If you know a Windows user who may have visited the eFile site over the past few weeks, make sure to let them know that this happened—and that they should scan their computer with a good Windows antivirus immediately. 

A principal learns a lesson

A principal in Florida has fallen victim to a scam—a scam that ultimately cost her her job. The story, unfortunate though it is, contains several valuable cybersecurity lessons for the rest of us.

The principal in question was working at a charter school in Florida. For years, she had hoped to secure a donation from Elon Musk. So when a scammer approached her pretending to be Musk, she eagerly wrote the person a check for $100,000, believing that the Tesla-SpaceX-Twitter boss would reciprocate with a $6,000,000 contribution to the school.

Thankfully, the school’s business manager stopped the check before any funds were lost. But the principal was dismissed from her position over the incident.

As for the cybersecurity takeaways:

  • Remember that people who approach you online may not be who they say they are!
  • If an offer sounds too good to be true, it probably is.
  • Keep in mind that the more you want something to be true, the more vulnerable you are to scammers and social engineers. These folks are experts in preying on people’s hopes and fears.
  • Always send payments through insured methods that allow you to recover your money if something goes wrong.

Get the latest security news and deals