Don’t even think about it.
That’s the message the IRS wants you to know, about opening a new stream of malicious emails circulating.
This new surge of emails impersonates the IRS and uses tax transcripts as bait to entice consumers to open documents. Guess what, those documents contain malware!
Why this matters to your small business.
The scam can potentially be problematic for your small business if your employees don’t know what to look out for. They might open the malware, which can then spread throughout your entire network and potentially take months to successfully remove.
More about the malware.
According to the IRS, this malware is actually well-known. Called Emotet, it generally poses as specific banks or financial institutions in efforts to trick people into opening infected documents.
In July, the United States Computer Emergency Readiness Team (US-CERT) issued a warning about earlier versions of Emotet. US-CERT has labeled it as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”
What to look out for.
Over the past few weeks, the scam has been posing as the IRS, pretending to be from IRS Online. It carries an attachment labeled something like Tax Account Transcript. Typically, the email subject line will have a phrase that includes the wording: tax transcript.
Important reminders and steps to take.
Share these reminders with your employees:
- The IRS does not send unsolicited emails to the public. Furthermore, it does not email a sensitive document, like a tax transcript (a summary of a tax return).
- Do not open the email or attachment.
- If using a personal computer, the IRS urges that you delete or forward the scam email to email@example.com.
- If it’s on the work computer, your employees should notify your technology professionals.
You can read the full IRS alert by clicking here.
Do you have any other tips to share with employees on how to not fall victim to these scams? Share your knowledge below.