Home USA LATEST NEWS Dangerous malware scam targets taxpayers with deceptive IRS forms

Dangerous malware scam targets taxpayers with deceptive IRS forms

April 05, 2023
Read

 Don't let this tax season be a nightmare for you

Tax season is upon us, and that means that scammers are hard at work trying to fool as many of us as they can.

Recently, data from MalwareBytes and Unit42 reveals that there is a new malware campaign designed to fool people waiting for tax documents to show up in their inboxes.

Here's everything we know so far.

CLICK TO GET KURT’S CYBERGUY NEWSLETTER WITH QUICK TIPS, TECH REVIEWS, SECURITY ALERTS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What is this new malware campaign?

The new malware campaign seems to have ties to the Trojan virus - Emotet, which has been around since 2014. The way it infects people's devices is by sending fake emails claiming to be from the IRS. The email will have a W-9 form attached and will ask people to fill out the form with all their tax information. The form may be sent as either a ZIP file containing a Word document or as a OneNote document.

Here's what to know about a malware campaign targeting tax filers ahead of Tax Day.

Here's what to know about a malware campaign targeting tax filers ahead of Tax Day. (Kurt Knutsson)

If a person downloads this file, a message is sent letting you know that the document is "protected" and that you can view it or enable settings to get access to the file. Once accessed, the file will begin installing malware on your device.

HOW TO PROTECT YOURSELF AGAINST IDENTITY THEFT THIS TAX SEASON

How do I know if it's malware when it looks legit?

With this particular scam, two telltale signs will let you know that you're being fooled by a hacker. 

  1. The first thing to remember is that tax forms are almost always sent as PDF files, and this dangerously deceptive one is sent as a Word or OneNote document.
  2. The ZIP file attachment is typically around 500 MB in size, which is way too big to be a normal document, making it a major warning sign that it's riddled with malware.
Kurt "CyberGuy" Knutsson shows how you can add ChatGPT to your browserVideo

Some other signs you should look for are spelling and grammar mistakes. Hackers don't always read through their emails before sending them, and some of them are from other countries where English is not their first language. A legit email is very unlikely to have mistakes like that.

IRS SILENT ON TIMING OF VISIT TO JOURNALIST MATT TAIBBI’S HOME, HOW OFTEN IT MAKES HOUSE CALLS

Also, if you're receiving an email claiming to be from the government and the address does not at least end in ".gov," then there's a good chance that this is not a legit email.

What other ways can I protect myself?

Have good antivirus software on all your devices

Antivirus software will protect you from accidentally clicking malicious links and will remove any malware from your devices. See my expert review of the best antivirus protection for your Windows, Mac, Android and iOS devices by visiting CyberGuy.com/LockUpYourTech.  

Tags :

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.