IRS Warns of New Malware Email Threat
The Internal Revenue Service (IRS) has reported a new wave of phishing attacks targeting taxpayers. The emails pose as messages from the IRS and financial institutions and attempt to trick recipients into opening attached documents contaminated with malware.
The variables of the emails may change in time, but in recent weeks, the emails appear to be sent from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
The goal of the phishing attack is to trick recipients into opening infected documents, giving attackers access to the affected computer’s user data. This particular malware, known as Emotet, is especially troubling as it can record keystrokes, upload your files (including email) to the attacker and even download more malicious code to give itself new capabilities. It is stealthy and difficult to detect and remove. According to the U.S. Computer Emergency Readiness Team, the Emotet virus is one of the most costly and destructive affecting all levels of government and the private and public sectors.
A reminder as we approach tax season, the IRS does not send unsolicited emails to taxpayers, including a tax transcript, which is a summary of a tax return. Never open these unsolicited emails or their attachments. “Suspected fraudulent tax emails should be deleted or forwarded to email@example.com, and to firstname.lastname@example.org if sent to your KU email account.