E-File-Website-was-Infected
Cyber Breach

E-File Website (eFile[.]com) was Infected With Malicious JavaScript Redirect

Marty Tatro
by May 23, 2023

Unmasking the e-File Cybersecurity Risk: A Tax Season Alert for U.S. Tax Filers

Short on time? Listen instead.

Recent findings have disclosed a significant cybersecurity risk associated with e-File, an IRS-approved tax e-filing provider. The website was found to be distributing harmful JavaScript code via the popper.js file to its users. With tax season in full swing, this alarming issue presents a real danger to anyone who needs to file taxes in the U.S. It’s like finding out your mailbox has been tampered with just as you expect an important letter. The compromised file, which exists on nearly all e-File’s pages, sends misleading notifications urging users to update their browsers through a harmful link embedded on the page.

This link, contingent on the user’s browser (Chrome or Firefox), connects to distinct files that prompt the download of a PHP file. This potentially harmful file grants cybercriminals the ability to infiltrate a computer system, extract data, or download additional malicious files.

For context, the IRS provides several authorized e-filing services through its free filing service on its website. While this service remains unaffected by the harmful file, it does direct users to e-File and other sites based on user responses to a series of questions.

The Breach Explained

In March 2023, it came to light that e-File’s website was redirecting users to a separate page displaying a false network error message. This message, deceiving users into believing a browser update was necessary, contained a harmful link that led users to an unrelated site.

Once users were redirected, their browsers would prompt an update to continue using the original site. However, the downloaded files were far from benign. Once downloaded, these files could allow a cybercriminal to control the system, infiltrate other systems on the network, and gather sensitive information.

This malicious activity, termed “hijacking,” involves altering site pages to distribute harmful files. The perpetrator can exploit this to infect site users with malware or viruses, among other potential harms. The duration for which e-File was compromised by this malware remains unknown.

The Potential Impact on Users

The impact of this breach may vary based on individual usage of tools and sites during the tax season. However, if you’ve filed taxes through one of the IRS-recommended online portals, you should run an antivirus or antimalware scan to check for any potential security problems.

While antivirus and antimalware software are essential, they cannot fully safeguard your computer. It’s crucial to adopt several measures to protect against harmful programs and malware, some of which will be discussed later.

In case of a malware attack, numerous free or paid services can assist in removing infections and potentially recovering lost data. Proactive planning can also mitigate the effects of such an attack. This includes investing in reliable antivirus or malware software, keeping it up-to-date, and preparing for potential breaches by having backups and accessing trusted technical assistance promptly.

Securing Against Attacks

Detecting a malicious site redirect can be challenging without some technical knowledge and vigilance. This specific redirect was first noticed by several users who found the error message suspicious and identified harmful files being served from unaffiliated server locations.

Therefore, it’s crucial to be cautious when prompted to download or install files or updates from unfamiliar sources. Always use the official software provider for any necessary updates.

Northstarr Recommendations

Ensuring personal and data security can be challenging. In case of browser notifications indicating necessary downloads or updates, here are a few recommendations:

  • Do not click on links within notifications. Verify the authenticity of any purported updates or changes directly from the software or OS source.
  • If in doubt, consult your IT department or a cybersecurity team.
  • Hover your cursor over any links in a notification to see where the link connects. This isn’t foolproof.
  • Always opt for updates and patches provided directly by the software vendor. This can typically be done within the application or the operating system.
  • Regularly patch and update your operating system and applications.

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment.  We look forward to meeting with you!