Cybersecurity researchers warn about a new e-mail spam campaign detected in the middle of August 2019 in which online scammers pretend to be agents of the Internal Revenue Service (IRS). The goal of this new tax-related scam is to download malware on the victim's computer, as well as to collect sensitive user data.
Like in a typical phishing campaign, imposters send taxpayers e-mail messages claiming to contain important information about their tax refunds, online accounts, or electronic returns. In order to look authentic, the e-mails include links to websites that strongly resemble IRS.gov pages, as well as temporary passwords through which the users are asked to access the relevant files. These files are injected with malicious scripts, however, so that when the user opens them a malware threat is dropped on the user's computer. This way, the scammers gain access to the target machine and can install additional malware to spy on the user's activities and to harvest personal data. The attackers use dozens of spoofed web addresses, which makes it hard for cybersecurity experts to track them down.
The IRS reminds once again that its agents would never request any financial or personal information from users per e-mail or phone, so any messages requiring such data are a scam and should be handled with caution. Furthermore, the IRS does not contact people to demand immediate payments through bank wire transfers, gift cards or debit/credit cards, so any such attempts should be ignored.
Although the IRS agency has already taken considerable steps towards reducing identity theft of taxpayers and the number of victims has dropped by over 70% in the last three years, e-mail and phone scams by IRS imposters continue to be an issue threatening users' privacy. Tax-related phishing campaigns remain a year-round business for online thieves, so IRS officials warn that taxpayers should be on guard at all times.
If ever you discover an email that is suspected to spoof the IRS, please report it to the IRS via their phishing report site here.