The IRS and Security Summit partners warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware. The scam is especially problematic for businesses whose employees might open the malware because this malware can spread throughout the network and potentially take months to successfully remove.
This well-known malware, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents. The Summit partnership of the IRS, state tax agencies and the nation’s tax industry remind taxpayers to watch out for this scam.
However, in November, the scam has masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.” These clues can change with each version of the malware.
Tax professionals should inform their clients that the IRS does not send unsolicited emails to the public or email a sensitive document such as a tax transcript. In addition, the IRS urges taxpayers not to open the email or the attachment. If using a personal computer, the email should be deleted or forwarded to firstname.lastname@example.org. If your clients see these using an employer’s computer, they should notify the company’s technology professionals.