IRS Scam – Beware Emotet Malware W-9 Scam Attempts to Steal Credentials and File Fraudulent Tax Returns
A new IRS scam campaign was discovered by cyber security company Cofense. This one involves an email phishing campaign that attempts to trick the recipient into downloading a harmful email attachment that is disguised as an IRS form W-9 or clicking on a link that launches a cyber attack. If the reader clicks on the malicious attached file or the link, Emotet malware is downloaded to their computer or phone unless it is blocked by an antivirus app.
In January the US Department of Homeland Security warned the public that Emotet malware attacks are increasing. Emotet is a banking Trojan. This malware spreads primarily via malicious email attachments but also from spoofed websites. Emotet quickly infects all other computers on the same internet connection. The latest version of Emotet downloads more malware that steals bank account passwords on devices and passwords saved in web browsers. Emotet malware has been successfully used to attack state, local, tribal, and territorial governments as well as businesses in the private and public sectors. Using a password vault can help protect against malware that attempts to steal usernames and passwords.
Each year, the Internal Revenue Service (IRS) publishes the Dirty Dozen list which represents the worst of the worst tax scams for the year.
The tax scam comes in two variations – one with an email attachment and another with a malicious link. The email contains simple content stating, “Please see attached.” That’s not to say it won’t evolve into other variations with more convincing wording. Hackers and spammers use information gleaned from social media or corporate websites to make the content of a scam email seem familiar to the recipient, making them more likely to follow the instructions (download the attachment or click on the link) in the email.
If you need to give someone a W-9 tax form, you can always download an official copy from the IRS website. You do not need to use the one sent to you by the company.
Emotet malware is a cyber threat that has been on the rise since it first appeared in 2016. It is the work of an organized hacking group called TA542 or Mummy Spider. The fake W-9 form is sent via spam email as an attachment. If the reader clicks on it and the device is not protected by an antivirus app, malware may be downloaded to the email recipient’s device.
Emotet malware is also circulating in two other email scam campaigns. Both email scams are designed to look like official information from the US Center for Disease Control. Both spam emails play upon people’s fears surrounding the Coronavirus that is spreading globally. The emails contain some supposedly helpful information about the virus and preparedness. Like the W-9 tax scam, the spam emails also contain malicious attachments with Emotet malware and links to spoof websites that launch malware downloaders on unprotected computers and phones. Some variations attempt to phish banking credentials. All variations attempt to steal money from the victim.
In case you have never seen one, the IRS Form W-9 is a tax form taxpayers must complete and sign when working for a company that is not their employer. The W-9 form is how companies collect information from a taxpayer, including name, address, and taxpayer identification information.
Without a signed W-9, a contractor cannot get paid for their work. This is why a contractor or business would want to get the W-9 form downloaded and returned right away. But a completed IRS W-9 form contains sensitive information a hacker can use to steal your identity and file a fraudulent return.
What is Malware and How Does it Work?
The term malware is a portmanteau of malicious software. Malware is any unwanted app, computer code, or program on a laptop, computer, server, phone, router or other internet connected device. Computer Viruses, Trojans, spyware, worms, adware, and ransomware are all different types of malware.
Malware infects your device through some initial download. A person may click on a link in an email which takes them to a malicious website that begins the malware download. Malware can also be sent in an email attachment. Microsoft Word documents, Excel files, Adobe .pdf files, and compressed .zip files can all be used to disguise a malware downloader. That’s why you should never click on or open an email attachment from someone you don’t know. A good antivirus app will detect, block, or quarantine suspicious emails and files to protect your device.
Once a device is successfully infected, malware tries to infect, as quickly as possible, as many other devices as it can that are connected to the same WiFi or internet connection.
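How a mail filter can look past the file name of an attachment like the fake W-9, shown as an added example that is not part of the original article: this Python sketch identifies each attachment by its content and flags Office files that carry macros. The sample message, addresses, file names and the hold-for-review policy are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"  # plain .zip and modern Office (.docx, .xlsm, ...)
# Assumed policy: hold containers that can carry macros or hide other files.
HOLD = {"ole2-office", "ooxml-with-macros", "zip", "zip-corrupt"}

def classify(data: bytes) -> str:
    """Identify an attachment by its content, not by its file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-office"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip-corrupt"  # truncated or malformed archive
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "ooxml-with-macros"  # Office file with an embedded VBA project
    return "ooxml" if "[Content_Types].xml" in names else "zip"

def triage(raw_email: bytes) -> list:
    """Return (filename, kind, hold_for_review) for every attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        kind = classify(part.get_payload(decode=True) or b"")
        out.append((part.get_filename(), kind, kind in HOLD))
    return out

def build_sample() -> bytes:
    """Constructed sample: harmless bytes shaped like a macro-enabled lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"placeholder, not macro code")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "W-9"
    m.set_content("Please see attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="msword", filename="W-9 form.doc")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    return m.as_bytes()
```

Calling `triage(build_sample())` reports the file named `W-9 form.doc` as a macro-carrying Office document to hold, while the PDF is left to the normal antivirus scan.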
How Does Emotet Malware Infect Your Device?
This week is Tax Identity Theft Awareness Week. The Federal Trade Commission (FTC) said so. Since income tax filing season is underway, that means that tax scams are gearing up for their prime season. Here are some tips from the FTC to better protect your money and your identity from a tax scam:
- Keep your Social Security Number safe. Don’t give it to anyone without a good reason and privacy measures in place
- File your tax return as early as possible
- Use a secure internet connection if you file electronically
- Use a Virtual Private Network (VPN) App to Protect Your Personal Tax Information
- If you cannot use a secure internet connection, then file by mail. If your identity has been stolen, you will have to file by mail.
- Only use reputable, licensed tax preparers
- Check your credit report at least once a year for free. Read this post to find out how US Service personnel can get unlimited free credit reports while they are on active duty
Hackers file fraudulent tax returns using stolen credentials. The tax scam won’t work if you have already filed this year. Likewise, if the hacker has already filed a tax return using your Social Security number, your legitimate return will be rejected as a duplicate.
What is Malware Protection?
Malware protection involves safe cyber security practices that are free and easy to implement.
- Don’t open email attachments if you don’t know the sender
- Be sure you truly do know the sender. Read our guide on how to detect a phishing email
- Even if you do know the person sending the email, if you were not expecting an email attachment to be sent to you, CALL them and make sure the email and file are legitimate. They may have been hacked. READ this post on how to tell if your phone is hacked
- An antivirus app can help detect phishing emails
- Malware removal apps can block malware downloads. If something gets past the antivirus app, then a malware removal app can help clean up your laptop or phone and regain access
- Using a password vault can help protect against malware that attempts to steal usernames and passwords
Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.