The Internal Revenue Service and Security Summit partners recently warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware.
The scam is especially problematic for businesses whose employees might open the malware because this malware can spread throughout the network and potentially take months to successfully remove.
This well-known malware, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.
In the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return. The IRS urges taxpayers not to open the email or the attachment. If using a personal computer, delete or forward the scam email to phishing@irs.gov. If you see these using an employer’s computer, notify the company’s technology professionals.
The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about earlier versions of the Emotet in Alert (TA18-201A) Emotet Malware.
US-CERT has labeled the Emotet Malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”
There is no way to have a fail proof system, interruptions will happen and threats are ever changing. The key is to act proactively to forecast these changes and to be able to respond to new threats as they emerge.
BerganKDV’s technology team is on hand to help your organization implement the right tools and solutions to monitor, maintain and manage your technology systems efficiently and effectively. Start here.
