Filing your taxes? Be wary of help found through search engines

Credit to Author: Christopher Boyd| Date: Thu, 14 Apr 2022 12:42:07 +0000

The deadline for filing your taxes in the US is nearly upon us. April 18 is the very last date that you can afford to hand your tax returns in to the IRS.

People will naturally gravitate toward all manner of filing tools to get the job done. But it’s worth noting that sites are lurking in search engine results to potentially make it harder to file, not easier.

Taxing times in search engine land

One such tool used to complete tax returns is TurboTax. This product requires a registration code to activate, and this is where the search engine results come into play. Some folks have issues registering or installing software for a variety of reasons. Maybe it’s hardware, perhaps it’s the software. Incompatibility frequently rears its head, and sometimes other third-party software may be interfering with installation.

Entire industries exist on forums and elsewhere to provide answers to the most obscure tech issues you can possibly imagine. While many solutions can usually be found for these issues, it pays to be cautious where search results are concerned.

Searching for install instructions

Hunting for “install Turbotax” in Yahoo, for example, brings us the following results:

It’s currently the first result after the sponsored ad and the official link. Here’s the site in question:

Hitting the “Click me” button directs visitors to the next step in the process, hosted elsewhere. It asks visitors to sign into their account, then activate their purchase and get on with sorting out their tax returns.

It’s license key time

Site users are asked to enter their 16-digit activation code.

Two things to note here. The site will allow any code with a minimum of four digits and up – it doesn’t have to be a maximum of 16. There is clearly no checking taking place for the code entered. What happens if you punch in a too short, non-existent activation key? You’re told that the activation attempt has failed, not that your code is too short.

Sending whoever runs this site your activation code means that the people running the site may now have your activation code. As a general rule of thumb, you shouldn’t give licence or registration keys for any product to anybody. Depending on product, you may be handing a stranger your one-time use key. When that happens, you then have the problem of figuring out how to get it back.

There’s a few official support situations where informing somebody of a key’s details will be required. This isn’t one of them.

“Contact the support team…”

Help is at hand with the supposedly failed activation:

The page says:

Sorry, your code has failed to activate.

Detected issue:

  • Your activation code is stolen
  • Code expired
  • Repeated use of code
  • Your code is not generated in database
  • Or your system is virus infected

Note: Repeated failure may lead to expire code. Do not try to enter your code again and again.

Contact support team to fix this issue immediately: [number removed]

Error code: OOXOOO16FA and Correlation ID: c147654ad-41fg-ds7df-cfa9f5jhdjhsg

Keep your activation code ready while speaking to customer support

This “error code” often pops up on various forms of tech support scam, so there’s another bad sign.

What is happening in these support calls?

A colleague sent over a Reddit link detailing an example of a call between someone handling the “support” conversation on behalf of their father, who had originally arrived on a related landing page found via basic searching:

Turbotax call

There’s a lot to take in there in terms of not sounding particularly credible.

  1. The TurboTax code activation being interrupted due to “foreign connections on the network”
  2. The caller being connected to the person’s relative via TeamViewer with Netstat open
  3. Non-official URLs open on the desktop

These are all frequently signs of tech support scams, often involving the installation of bogus security tools alongside additional payment. The fact that the page which claims the activation key doesn’t work may be down to a “virus infection”, alongside the bogus error code found on many tech support scams, makes this something to steer well clear of.

We reported both the initial landing page and the activation code page. The URL for the latter has been suspended. However, sites like these tend to use fallback URLs and webspace so it might not be gone for good.

Don’t make tax season even more taxing than it has to be

If you need help installing or activating a product, contact the relevant company directly. Don’t leave it in the hands of search engines to decide your fate. Paid results, adverts, SEO gaming, or even SEO poisoning can all cause big problems. With the tax deadline ticking down, you simply can’t afford to get into stolen key/broken computer antics this late in the process.

The post Filing your taxes? Be wary of help found through search engines appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/