Tax Season Terror: Phishing Campaigns Weaponize Urgency to Deliver Remote Access Tools

Microsoft Threat Intelligence observed a surge in tax-season phishing campaigns that use PhaaS-driven, multi-stage redirection (Amazon SES tracking -> look-alike SmartVault domain) and Cloudflare bot checks to deliver a malicious repackaged ScreenConnect RAT named `TranscriptViewer5.1.exe`; the campaign targets accountants and taxpayers to harvest credentials, exfiltrate tax data, and pivot across networks.