IRS Impersonators Are Spreading Malware

The IRS is warning taxpayers about an email attack using messages pretending to be legitimate IRS communications. The goal of the attack is installing malware on users computers; to gain control of the device or install software like a keystroke logger, so as to eventually gain passwords to sensitive accounts, like banking.

Using spoofing, the scammers send emails that appear to come from addresses. These emails also link to a spoofed website displaying fake details about the target’s tax refund, return or account.

These fake emails use subject lines like “Automatic Income Tax Reminder” and claim to contain a “temporary password” to access the files. These files are actually just malware in disguise. Much like a hack targeting HR departments with résumés the email is something a target would ordinarily open.

“The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website,” CISA (Cybersecurity and Infrastructure Security Agency) said in an alert. “By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.”

In 2017 the IRS reactivated a program that uses private debt collectors to collect delinquent tax debts. A decision the National Taxpayer Advocate, (a division of the IRS) called a “most serious problem.” In part because of an increased likelihood of phone or email scams exactly like the one described above.

Individuals need to remember that the IRS still sends notifications almost exclusively via U.S. mail. Certainly the IRS will never call or email asking for personal information to be submitted online.

Header Image: Matthew Bisanz

Comments are closed, but trackbacks and pingbacks are open.