Taxpayers should be aware of a new round of fraudulent emails that impersonate the IRS and use tax transcripts as bait to entice users to open documents containing malware. The scam is especially problematic for businesses whose employees might open the emails infected with malware as it can spread throughout the network and may take months to remove.
This well-known malware, which is called Emotet, typically tricks people into opening infected documents by posing as specific banks and financial institutions. However, in the past few weeks, the scam has masqueraded as the IRS, pretending to be from “IRS Online.” Many of these malicious Emotet emails were recently forwarded to firstname.lastname@example.org.
The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.” The exact wording often changes with each version of the malware.
Taxpayers should remember that the IRS does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript (a summary of a tax return). Taxpayers receiving a suspicious email are urged not to open the email or the attachment. If using a personal computer, delete or forward the scam email to email@example.com. If you see these types of emails when using an employer’s computer, notify your company’s internet technology (IT) department immediately.
The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of the Emotet, which it has called one of the most costly and destructive malware affecting the private and public sectors.