The IRS is being impersonated by scammers in an email making the rounds and using “tax transcripts” as bait to entice people to open attachments laced with malware.
In its newswire IR-2018-226, the IRS and Security Summit partners warned that the scam is particularly troublesome for businesses whose employees might open the malware, known as Emotet, since it can spread throughout a company’s network and take months to remove successfully.
Emotet usually masquerades as specific banks and financial institutions in trying to trick people into opening infected documents. This is not the first appearance of Emotet, but what’s new is its guise as the IRS. It pretends to be from “IRS Online,” and contains an attachment labeled “Tax Account Transcript” or something similar. The subject line uses some variation of the phrase “tax transcript.”
These particular giveaways can change, however, with each new version of the malware, and the IRS says that “[s]cores of these malicious Emotet emails were forwarded to [email protected] recently.”