Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > IRS

IRS Warns of 'Tax Transcript' Email Scam

By Marlene Satter

X
Your article was successfully shared with the contacts you provided.

The IRS is being impersonated by scammers in an email making the rounds and using “tax transcripts” as bait to entice people to open attachments laced with malware.

In its newswire IR-2018-226, the IRS and Security Summit partners warned that the scam is particularly troublesome for businesses whose employees might open the malware, known as Emotet, since it can spread throughout a company’s network and take months to remove successfully.

Emotet usually masquerades as specific banks and financial institutions in trying to trick people into opening infected documents. This is not the first appearance of Emotet, but what’s new is its guise as the IRS. It pretends to be from “IRS Online,” and contains an attachment labeled “Tax Account Transcript” or something similar. The subject line uses some variation of the phrase “tax transcript.”

These particular giveaways can change, however, with each new version of the malware, and the IRS says that “[s]cores of these malicious Emotet emails were forwarded to [email protected] recently.”

Back in July, the U.S. Computer Emergency Readiness Team (US-CERT) issued a warning about earlier versions of Emotet in Alert (TA18-201A) Emotet Malware.

In addition, US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

The IRS reminds taxpayers in its report that it does not send unsolicited emails to the public. It also would not email a sensitive document such as a tax transcript, which is a summary of a tax return.

Taxpayers who receive a copy of Emotet on their personal computers are urged not to open the email or the attachment, but to delete it or forward the email to [email protected]. If Emotet comes in on an employer’s computer, workers are urged to notify the company’s technology professionals.

Marlene Satter

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.