phishing scamScammers will use any method to attack businesses, even tax forms. A new phishing campaign has been launched to spread a malicious program that looks like IRS documents. Business owners need to take extra precautions in order to protect sensitive company data, especially as tax season is fast approaching.

Emotet has been one of the most popular malware programs in recent times. The latest emotet scam phishing campaign targets taxpayers. It pretends to be the IRS or other private organizations and sends emails with phony Form W-9 attachments.

The malware can steal personal data and take control over email accounts if someone falls for this scam. To spread other malware programs, it will send spam emails to the account of the victim.

Be on the lookout for obvious signs of Emotet Phishing

Although the Emotet Phishing emails might seem legit, there are some warning signs that they could be fraudulent. Attached zip files are the malicious emails. The attachment contains a Word file that is supposedly the Form W-9. It is more than 500 megabytes. It is impossible to find a Word document that is this large.

Microsoft has also disabled macros from running on the system. When a user attempts to open malicious Word documents, a security warning will be displayed. It will warn that the document contains prohibited macros. This is the most obvious sign that you are being phished, so do not allow the content to be opened.

Emotet wants to bypass Microsoft's solution and instead send OneNote files. The attachment will warn the user that the file is not protected and require them to click the "View" button. The embedded VBScript will run once they click the "View" button. OneNote will warn users about the potential malicious script but they will still launch it.

Increase in phishing scams

In recent years, phishing scams have become an increasingly common threat to individuals and organizations worldwide. One particularly insidious example of this type of cybercrime is the Emotet phishing scam, which has been targeting taxpayers in recent years.

The Emotet phishing scam is a type of malware that is spread through phishing emails. These emails are designed to look like legitimate communications from trusted sources, such as banks, government agencies, or even colleges. They often contain links or attachments that, when clicked or opened, install the Emotet malware onto the victim's computer.

Once installed, Emotet allows cybercriminals to steal sensitive information from the victim's computer, including login credentials, financial information, and personal data. This information can then be used for a range of nefarious purposes, including identity theft, financial fraud, and even blackmail.

phishing scamOne particularly alarming aspect of the Emotet phishing scam is its targeting of taxpayers. These phishing emails often claim to be from the Internal Revenue Service (IRS) or other government agencies, and may threaten legal action if the recipient does not comply with their demands.

In some cases, the emails may contain links or attachments that purport to be tax forms or other official documents. In reality, these links or attachments install the Emotet malware onto the victim's computer, allowing the cybercriminals to steal sensitive financial information and other personal data.

To protect yourself from the Emotet phishing scam and other similar threats, there are several steps you can take.

  • Be wary of any unsolicited emails that ask for personal or financial information, especially if they claim to be from the IRS or other government agencies. Legitimate organizations will never ask for sensitive information over email.
  • Always verify the authenticity of any emails or communications that you receive, especially if they contain links or attachments. Look for signs of phishing, such as misspelled words, unusual sender email addresses, or suspicious links. You can also contact the purported sender directly to verify the legitimacy of the communication.
  • Make sure that your computer is protected with up-to-date antivirus software and that you regularly update your passwords and security settings. By taking these steps, you can help protect yourself from the Emotet phishing scam and other similar cyber threats.

Important to remember that tax documents legitimately filed in PDF format are often found online. Do not open Word, OneNote or other file types that are from questionable sources.

Is your company safe from attack? Are your employees trained in the latest techniques for spotting protentional threats? Is your network secure? If you are not sure, call Integrated Technology Systems today.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017