'IRS Online' Scam

By GoldSparrow in Adware

Users and cybersecurity researchers have reported the 'IRS Online' scam, a massive email campaign. The 'IRS Online' campaign uses spoofed email addresses, homograph addresses and macro-enabled documents to distribute malware. It is believed that the 'IRS Online' scam is aimed at Windows systems and users who have not disabled macros in their word processor.

Researchers have shared findings on the 'IRS Online' scam, and a large portion of the cybersecurity community agrees that the 'IRS Online' emails are tailored to deliver the Emotet Trojan to potential victims. The Emotet Trojan injects code into legitimate processes to hide its presence, establishes a connection to its command servers and downloads modules to expand its capabilities. It seems that the 'IRS Online' emails serve threat actors that may be looking to create a botnet, pave the way for new ransomware and hijack online banking accounts.

The 'IRS Online' scam is reported to use email subject lines like 'Verification of Non-filing Letter' and 'IRS Online IRS_267699238_11052018.doc'. The emails at hand feature a short body that reads:

'Certification of Non-filling Letter.doc
Department of Treasure
If you need assistance, please contact me at 1-866-591'

Do not open emails from questionable email accounts that pose as official accounts used by the IRS. If you open the emails related to the 'IRS Online' scam, avoid clicking on images, videos and highlighted words, and do not download the attached documents. Minimal interaction with the 'IRS Online' emails ensures that a potential malware payload can't be installed on your computer and you will be safe. It is recommended to report emails and addresses associated with the 'IRS Online' scam to law enforcement agencies and AV manufacturers to help in the effort to combat the distribution of the Emotet malware (and similar threats).
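For mail administrators, the traits reported above (homograph-style sender domains, IRS-themed subject lines and macro-capable Word attachments) can be checked mechanically before a message reaches a user. The following is an added example, not code from the original report: the function names, the sample message and its sender domain are constructed for illustration, and the checks are heuristics that assume legitimate IRS mail comes from irs.gov.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

SUBJECT_PATTERNS = [  # built from the subject and body wording quoted above
    re.compile(r"(verification|certification) of non-fil+ing letter", re.I),
    re.compile(r"IRS Online\s+IRS_\d+_\d+\.doc", re.I),
]
MACRO_CAPABLE_EXT = (".doc", ".docm", ".dot", ".dotm")  # can carry VBA macros

def homograph_suspect(domain):
    """True if any label is punycode (xn--) or contains non-ASCII characters."""
    return any(label.startswith("xn--") or not label.isascii()
               for label in domain.lower().split("."))

def triage(raw_message):
    """Return the reasons a raw message matches the campaign traits."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if homograph_suspect(domain):
        reasons.append("homograph-style sender domain")
    official = domain == "irs.gov" or domain.endswith(".irs.gov")
    if re.search(r"\birs\b", display, re.I) and not official:
        reasons.append("IRS display name on non-irs.gov sender")
    if any(p.search(str(msg.get("Subject", ""))) for p in SUBJECT_PATTERNS):
        reasons.append("subject matches reported wording")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_CAPABLE_EXT):
            reasons.append("macro-capable attachment: " + name)
    return reasons

# Constructed sample; the sender domain and attachment bytes are placeholders.
SAMPLE = "\n".join([
    'From: "IRS Online" <notice@xn--rs-sample.example>',
    "Subject: IRS Online IRS_267699238_11052018.doc",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: application/msword",
    'Content-Disposition: attachment; filename="IRS_267699238_11052018.doc"',
    "",
    "placeholder",
    "--b1--",
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that trips several of these checks at once is a candidate for quarantine and reporting; any single hit, such as a .doc attachment alone, is common in legitimate mail.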


