Be on the lookout for suspicious-looking emails until April 18th, the end of tax season.
If you’re wondering why, it’s because every cybercriminal and their mother are currently scanning for the weakest member of the digital herd—and they’re hoping said weak link is just foolhardy enough to click on their half-baked phishing ploys. Yes, this time of year, e-criminals like to dress up and play IRS agent. They are sending out official-looking emails, stamped with IRS insignia and all, that just so happen to be loaded with malicious software.
In that spirit, I don’t know who needs to hear this right now, but listen up: the IRS does not send out unsolicited emails. The agency corresponds largely through snail mail, so, if you get an email out of nowhere, you’re likely just chatting with a hacker, not a duly appointed federal official.
This year, one of the more nefarious scams involves the powerful malware botnet Emotet. Email security firm Cofense reports that Emotet has been taking advantage of tax season to impersonate IRS officers and send out malware-laden emails that purport to contain tax information and refunds. However, attached to the emails are zip files that, when opened, unleash the botnet’s odious malware onto a victim’s computer.
This isn’t the first impersonation scam that Emotet has pulled. The group made similar phishing ploys in 2018 to great effect. They’ll almost certainly do it again. Tax season is always…
