The Internal Revenue Service (IRS) today issued a warning alerting taxpayers and tax professionals to an active IRS impersonation scam that uses spam emails to deliver malicious payloads.
The warning was issued after the IRS received several reports from taxpayers this week about unsolicited messages with “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder” subjects, sent by scammers impersonating the U.S. revenue service with the help of spoofed email addresses.
“The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer’s refund, electronic return or tax account,” says the IRS warning.
“The emails contain a ‘temporary password’ or ‘one-time password’ to ‘access’ the files to submit the refund. But when taxpayers try to access these, it turns out to be a malicious file.”
Malware distributed to targets
After entering the password supplied in the spam message, targets would unintentionally download malware that could allow the malicious actors to either harvest sensitive information or take control of their victims’ compromised systems.
“The IRS does not send emails about your tax refund or sensitive financial information,” stated IRS Commissioner Chuck Rettig. “This latest scheme is yet another reminder that tax scams are a year-round business for thieves. We urge you to be on-guard at all times.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also urges users and administrators to review the CISA Tip on how to avoid phishing and social engineering attacks.
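As an added illustration (not code from the IRS, CISA or this article), a mail filter can check for the indicators described in the warning: the two reported subjects, a sender that claims irs.gov while the Return-Path differs, links whose host is not irs.gov, and the password lure. The function names, the Return-Path comparison and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subjects and lure phrases quoted in the IRS warning.
SUBJECTS = ("automatic income tax reminder", "electronic tax return reminder")
LURES = ("temporary password", "one-time password")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_irs_host(host):
    """True only for irs.gov or a subdomain, not look-alikes such as irs.gov.x.example."""
    host = (host or "").lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def triage(raw):
    """Return the indicators from the warning that appear in one raw message."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    found = []
    if any(s in (msg["Subject"] or "").lower() for s in SUBJECTS):
        found.append("reported-subject")
    # Assumption: Return-Path was stamped by the receiving mail server.
    if is_irs_host(from_dom) and rp_dom and not is_irs_host(rp_dom):
        found.append("sender-mismatch")
    claims_irs = is_irs_host(from_dom) or "reported-subject" in found
    hosts = [urlparse(u).hostname for u in URL_RE.findall(body)]
    if claims_irs and any(not is_irs_host(h) for h in hosts):
        found.append("link-off-irs.gov")
    if any(p in body.lower() for p in LURES):
        found.append("password-lure")
    return found

# Constructed sample message (not a real capture); all hosts are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: IRS Online <refunds@irs.gov>
To: taxpayer@example.com
Subject: Automatic Income Tax Reminder

Your refund details are ready: http://irs.gov.refund-portal.example/login
Use one-time password 4471 to access the file.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Where the mail gateway records SPF, DKIM and DMARC results, those are a stronger spoofing signal than the Return-Path comparison used here.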
This warning comes after the IRS issued a joint news release with the US tax industry and state tax agencies in late July to remind professional tax preparers that they are required by federal law to have a data security plan in place.
Earlier tax and IRS themed attacks
Today’s alert can help both tax pros and taxpayers combat attacks designed to steal sensitive information, such as campaigns that target the tax season with realistic phishing emails containing malicious attachments.
In 2018, tax pros were targeted by a malspam campaign that also distributed emails pretending to come from the IRS, which allowed threat actors to infect their targets’ computers with a Rapid Ransomware variant.
Back in 2017, the IRS issued another warning about a phishing attack that posed as official IRS communications and attempted to lure targets into clicking a link or downloading a malicious file that would infect them with ransomware.
Attackers also use phone scams, as observed in 2016, to pose as the IRS and ask potential victims to pay off outstanding debts of thousands of dollars via gift card payments.