Dangerous malware scam targets taxpayers with deceptive IRS forms

Tax season is upon us, and that means that scammers are hard at work trying to fool as many of us as they can.

Recently, data from MalwareBytes and Unit42 reveals that there is a new malware campaign designed to fool people waiting for tax documents to show up in their inboxes.

Here’s everything we know so far.

CLICK TO GET KURT’S CYBERGUY NEWSLETTER WITH QUICK TIPS, TECH REVIEWS, SECURITY ALERTS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What is this new malware campaign?

The new malware campaign seems to have ties to the Trojan virus – Emotet, which has been around since 2014. The way it infects people’s devices is by sending fake emails claiming to be from the IRS. The email will have a W-9 form attached and will ask people to fill out the form with all their tax information. The form may be sent as either a ZIP file containing a Word document or as a OneNote document.

Here's what to know about a malware campaign targeting tax filers ahead of Tax Day.

Here’s what to know about a malware campaign targeting tax filers ahead of Tax Day. (Kurt Knutsson)

If a person downloads this file, a message is sent letting you know that the document is “protected” and that you can view it or enable settings to get access to the file. Once accessed, the file will begin installing malware on your device.

HOW TO PROTECT YOURSELF AGAINST IDENTITY THEFT THIS TAX SEASON

How do I know if it’s malware when it looks legit?

With this particular scam, two telltale signs will let you know that you’re being fooled by a hacker. 

  1. The first thing to remember is that tax forms are almost always sent as PDF files, and this dangerously deceptive one is sent as a Word or OneNote document.
  2. The ZIP file attachment is typically around 500 MB in size, which is way too big to be a normal document, making it a major warning sign that it’s riddled with malware.

Some other signs you should look for are spelling and grammar mistakes. Hackers don’t always read through their emails before sending them, and some of them are from other countries where English is not their first language. A legit email is very unlikely to have mistakes like that.

IRS SILENT ON TIMING OF VISIT TO JOURNALIST MATT TAIBBI’S HOME, HOW OFTEN IT MAKES HOUSE CALLS

Also, if you’re receiving an email claiming to be from the government and the address does not at least end in “.gov,” then there’s a good chance that this is not a legit email.

What other ways can I protect myself?

Have good antivirus software on all your devices

Antivirus software will protect you from accidentally clicking malicious links and will remove any malware from your devices. See my expert review of the best antivirus protection for your Windows, Mac, Android and iOS devices by visiting CyberGuy.com/LockUpYourTech.  

FREE ANTIVIRUS: SHOULD YOU USE IT?

Head to CyberGuy.com for more tips about personal security.

Head to CyberGuy.com for more tips about personal security. (Kurt Knutsson )

Be careful what emails you open and which links you click

You also always want to make sure that you’re avoiding opening emails from unknown senders and downloading any attachments they may contain.

Avoid clicking on any links within the email as well without inspecting them first to see where they will take you.

DON’T FALL FOR THIS NEW ROUND OF ICLOUD SUPPORT SCAM EMAILS

As tax season continues, it’s important to remain vigilant against scams like this new malware campaign and stay safe by always protecting your personal information from these scammers.

Have you seen any sketchy tax-related scams? Let us know your experience at CyberGuy.com/contact.

CLICK HERE TO GET THE FOX NEWS APP

For more of my tips, subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.

Copyright 2023 CyberGuy.com. All rights reserved.  

Check Also

Larian Studios shocks fans by not planning any Baldur’s Gate 3 DLC or expansions, with no Baldur’s Gate 4 in sight. Time for something new!

During a panel at the Game Developers Conference (GDC) today, the founder of Larian Studios, …