The Daily Decrypt
Image-Based Phishing, Tax Season Scams, Espionage in Russia, and Crypto Wallet Breaches

Today, we explore the alarming rise of image-based and QR code phishing that’s outsmarting 76% of organizations, the ingenious tax-related scams preying on taxpayers and professionals alike, and a unique espionage case alongside a digital heist targeting cryptocurrency wallets. Discover the latest cybersecurity threats and learn how to safeguard your digital footprint against these evolving schemes. Your vigilance is your best defense in the digital age.

Articles referenced:

Thanks to Jered Jones for providing the music for this episode.

Logo Design by

Tags: cybersecurity, phishing attacks, tax scams, QR code scams, image-based phishing, tax filing deadline, IRS scams, espionage, cryptocurrency wallet, Python packages, digital security, cybercrime prevention, BIPClip operation, South Korean espionage, tax professionals, identity theft

Search Phrases:

  • How to avoid phishing scams
  • Tax filing scams 2024
  • Latest IRS scams
  • Protecting against QR code phishing
  • Image-based phishing attacks
  • Cybersecurity tips for tax season
  • Cryptocurrency wallet security
  • Espionage cases in Russia
  • BIPClip Python package scam
  • Safeguarding digital information
  • Cybercrime trends in 2024
  • Security measures for tax professionals
  • Preventing identity theft during tax season
  • Digital defense against phishing
  • Understanding cybersecurity threats


Mar 13

[00:00:00] announcer: Welcome to The Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now.

[00:00:29] offsetkeyz: Welcome back to The Daily Decrypt.

Today, we’re going to be talking about image-based phishing scams, to include QR codes, but also just regular images.

Highlighting a discovery that a staggering 76% of organizations find themselves ensnared by image-based and QR code phishing. After that we’re going to switch gears and talk about some tax time tricks, where the IRS flags down new and classic scams as the tax deadline looms.

We’re also discussing the first ever South Korean citizen has [00:01:00] been detained by Russia for espionage.

As well as seven new Python packages that have been known to drain your crypto wallet.

[00:01:13] offsetkeyz: Alrighty. So one of the most important hacks out there is called phishing, and we’re all hopefully very familiar with how that works. Clicking links in emails is the most classic way that people get phished.

But attackers are starting to evolve.

According to Osterman Research, 93% of IT security professionals are aware of image-based phishing attacks targeting their organizations.

70% of these organizations feel their current security stacks are effective against image-based QR code phishing attacks. Yet 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research.

So we’ve all heard of QR codes. It’s essentially when you scan this weird digitized black and white [00:02:00] image and a link or a URL pops up in your camera, then you click on it and you go about your day. We all understand how that can be pretty malicious. You can hide links in there.

They can make it look like you’re going somewhere that you’re not. Watch out for QR codes.

What I didn’t realize was going on as well are what’s called image-based phishing scams.

And those can range from injecting malicious code into a company’s logo to images that look like plain text. So almost like a screenshot of text, but it’s just an image.

But when you click on these images, they redirect you to the malicious URLs, but those URLs are buried so deep in the image’s metadata that they bypass a lot of security measures.

If the email is just containing an image that shows text, that text actually isn’t getting scanned, and thus bypassing its security checks.

And if you’re looking at your email and you’re seeing text, simply clicking to highlight [00:03:00] something can activate the URL in that image.

So the best way to catch this is to have any sort of redirect protections in your email address, like Mimecast or something like that, where it keeps it all self-contained in the app. There’s nothing being downloaded. You’re not allowed to redirect out. Maybe you’re prompted once you click on something to say, Hey, is this where you’re intending to go? Because this is where the link goes.

But watch out, try not to click any images in your emails.

[00:03:40] offsetkeyz: Tax day is looming. It’s coming up in a few weeks. And we just wanted to talk a little bit about the scams that you might be seeing or will see as this deadline approaches.

One of the toughest ones to spot is physical mail scams. They will look exactly like they came from the IRS. And they’ll often [00:04:00] say you are owed some sort of money from the IRS, maybe in the form of an unclaimed refund, or simply stating that you paid too much last year and we want to give you some money back.

These are hard to spot, because this is a real type of mail that you could get.

So I’m not going to tell you not to respond to this mail. Just be cautious and verify that it’s actually coming from the IRS. If you do reply to the mailing, ask for a contact number that you can call to verify.

Maybe Google some of the verbiage that is found in these letters, maybe the address, the return address. Google some of that stuff to see if it’s actually going to the IRS or if it’s going somewhere else.

An extremely common scam is when taxpayers are getting calls from fake IRS agents, often falsely accusing them of owing more tax and creating a sense of urgency by describing the punishments that will come about if they do not pay this [00:05:00] owed tax. On this one, it’s really important to know that the IRS will always initiate communication through the mail, which makes that previous scam harder to find.

But anyone who’s calling you from the IRS is immediately a scam. If you take nothing else away from this episode, know that you will never get a call from anyone from the IRS.

On that note, also keep an eye out for any sort of emails from the IRS. Like I said before, they will always initiate communications through the mail. And this fourth scam you might not even know about, but scammers can take information that they found on you on the web or on the dark web, whether that be your address or your social security number or all these things, and actually file tax returns for you, just redirecting the return money to them. So it behooves you to file early, to try to get ahead of this. But keep an eye out for any signs that your refund has gone to somebody else. If it has, contact the IRS, maybe [00:06:00] even contact the FBI.

If you are a tax professional, you are not exempt from these scams. One of the most common ones out there is fake taxpayers reaching out to you for your services.

This will often be through email and it will be a phishing attempt. If you click any of the links, they could redirect to somewhere you don’t want to be.

They might also reach out asking for your electronic filing identification number under the pretext of verification, but with the intent to hijack your identity and file fraudulent returns.

All taxpayers should secure an identity protection PIN from the IRS, and use only verified tax filing services, and only communicate personal information through encrypted channels.

If possible, do most of your tax filing in person with the tax professional, or use TurboTax, where you’re entering in your information in a web browser, encrypted, and not sending things back and forth through mail or through email. Those are not the most secure forms of communication.

There’s a [00:07:00] lot of money to be had from tax returns, and fraudsters know that.

So as much as I hate to say it and encourage sticking to the big names, but those will be your safest bets: H&R Block, TurboTax, places like that.

[00:07:15] transition: Do, do, do, do, do, do, do, do.

[00:07:21] offsetkeyz: And finally, we’ve got a quick lightning round for you. There are two stories here.


A South Korean national was caught in Russia’s espionage net. Baek Won-soon, a South Korean citizen, was arrested for espionage, marking a first in Russia-South Korea relations.

Now, this was reported by TASS.

And it’s marketed as a Russian news agency.

And you can find the link to that in the show notes below.

Baek Won-soon was transferred to Moscow for further investigation after being identified handing over classified information to foreign intelligence.

The information that this individual handed over was classified as top [00:08:00] secret, which reflects the sensitivity and potential diplomatic implication of the charges.

Okay. And finally. In relation to yesterday’s stories with the leather wallet.

[00:08:09] offsetkeyz: The Hacker News has identified seven Python packages that, if downloaded, can drain your crypto wallets.

This research comes from ReversingLabs. And it outlines these Python packages being designed to steal BIP39 mnemonic phrases, which are critical for cryptocurrency wallet recovery.

These packages have been downloaded over 7,451 times, and are targeting developers specifically in the crypto wallet space.

Like I said, there are seven malicious packages. They will be listed in the show notes, but just to read them out, it’s JS BIP 39 dash decrypt, BIP 39 mnemonic decrypt, mnemonic to address, and others.

So if you’re in the crypto wallet development space, keep an eye out for these packages. And if you accidentally have [00:09:00] downloaded them, please remove them. And, um, probably transfer your crypto. Revoke all login sessions. And change that passcode.

All right. So that’s all we’ve got for you today. Keep an eye on those tax returns and we will talk to you some more tomorrow.
