Emotet malware impersonates IRS as 2022 tax season approaches

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

As the 2022 tax season nears, numerous active phishing campaigns have been discovered impersonating the IRS to steal people’s sensitive data, and potentially - money.

One such campaign was just recently spotted by cybersecurity researchers from Cofense, which found threat actors pretending to be the Internal Revenue Service (IRS), sending out emails with tax forms and federal returns.

In most cases, the emails carry false 2021 Tax Return forms, W-9 forms, or other tax documents that are commonly being distributed this time of the year. These documents, either Word files, or Excel files, carry malicious macros, and if triggered, will download the Emotet malware.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Spreading ransomware

Emotet has multiple functions, with two most basic ones being - to spread to more machines via email; and to deliver stage-two malware. Cofense says that these days, Emotet is mostly used to deliver Cobalt Strike, ransomware payloads, or SystemBC remote access Trojan. When it infects a machine, it will try to weasel its way into the inbox, and use existing email threads to re-distribute itself without raising suspicion. 

Of these threats, ransomware seems to be the most obvious one, given that Emotet is being developed by the Conti Ransomware group.

The best way to protect against these attacks is to be vigilant when opening emails or downloading attachments. The IRS never sends unsolicited emails, and will only correspond through the postal service. 

When receiving emails with attachments, or links, it is important to double-check the sender’s name and address, because that’s often the first place where a red flag can be noticed. Also, typos, poor English, and a mismatch in visual identity, can also be clues to a potential phishing attack. And finally, hovering over a hyperlinked keyword in an email gives away its actual address.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Beware, that Social Security email could be hiding dangerous malware
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with &#039;F1&#039; written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight