All US taxpayers must check Gmail or Outlook right now – search for key phrase that could leave your bank empty
ONE seemingly-innocent phrase in your inbox may indicate you’re the target of cybercriminals. Security experts are warning US taxpayers about a new phishing campaign. This one phrase in an email could be a sign of bank-emptying malwaregetty With tax season upon us, scammers are claiming to be the IRS as a ploy to install “Trojan Emotet,” first spotted by Malwarebytes. Trojan Emotet is a malicious software that can steal data, such as user credentials stored on the browser, by eavesdropping on network traffic. WHAT DOES THE EMAIL CONTAIN? The subject line “IRS Tax Forms W-9” is used in the phishing email, and a spoofed sender address of “IRS Online Center.” So, if you spot the phrase “IRS” in an email — approach with caution. Remember that the IRS will never contact you via email or text, according to its website. The full email reads like this: “Let me know if you would like a hard copy mailed as well. Respectifully [SIC] Barbara LaCosta Inspector Department of Treasure.” But the tell-tale sign to look out for, is the typo, “Respectifully.” On top of this, the email will contain a 709KB “W-9 form.zip” attachment, which contains a 548MB Word doc titled “W-9 form.doc.” “You won’t find many genuine Word documents weighing in at 500MB or more. In fact, a file size of 500MB is a potential indicator that Emotet is lurking in the background,” Malwarebytes’ malware intelligence analyst, Chris Boyd, explains. “Malware authors are artificially pumping up the size of the document in order to try and fool or break security tools. This is because the large file size may prove too difficult for the tools to get a handle on and properly analyze,” he continues. HOW TO AVOID A PHISHING SCAM Firstly, you should be thorough when checking who the email is from. Even if it looks official, double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address. Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.” You should also be wary of links in emails. If you’re certain an email you have received is a scam, report it to your email provider and delete it.
ONE seemingly-innocent phrase in your inbox may indicate you’re the target of cybercriminals.
Security experts are warning US taxpayers about a new phishing campaign.
With tax season upon us, scammers are claiming to be the IRS as a ploy to install “Trojan Emotet,” first spotted by Malwarebytes.
Trojan Emotet is a malicious software that can steal data, such as user credentials stored on the browser, by eavesdropping on network traffic.
WHAT DOES THE EMAIL CONTAIN?
The subject line “IRS Tax Forms W-9” is used in the phishing email, and a spoofed sender address of “IRS Online Center.”
So, if you spot the phrase “IRS” in an email — approach with caution.
Remember that the IRS will never contact you via email or text, according to its website.
The full email reads like this:
“Let me know if you would like a hard copy mailed as well.
Respectifully [SIC]
Barbara LaCosta
Inspector
Department of Treasure.”
But the tell-tale sign to look out for, is the typo, “Respectifully.”
On top of this, the email will contain a 709KB “W-9 form.zip” attachment, which contains a 548MB Word doc titled “W-9 form.doc.”
“You won’t find many genuine Word documents weighing in at 500MB or more. In fact, a file size of 500MB is a potential indicator that Emotet is lurking in the background,” Malwarebytes’ malware intelligence analyst, Chris Boyd, explains.
“Malware authors are artificially pumping up the size of the document in order to try and fool or break security tools. This is because the large file size may prove too difficult for the tools to get a handle on and properly analyze,” he continues.
HOW TO AVOID A PHISHING SCAM
Firstly, you should be thorough when checking who the email is from.
Even if it looks official, double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address.
Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.”
You should also be wary of links in emails.
If you’re certain an email you have received is a scam, report it to your email provider and delete it.
