The Internal Revenue Service (IRS) is warning about a new “tax transcript” scam. In this scam, taxpayers are tricked into opening emails that look like they are from the IRS—but they potentially carry malware. Here’s what you need to know.
In the past few weeks, taxpayers have received emails pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
Tax transcripts, which are summaries of your tax records and history, are available online. Although taxpayers do need access to an email account in order to register, the IRS reminds taxpayers that it does not send unsolicited emails to the public. It also would not email a sensitive document such as a tax transcript.
If you receive an email like this, do not open the email or the attachment!
The malware is known as Emotet. This particular malware generally poses as specific banks and financial institutions to trick people into opening infected documents.
The United States Computer Emergency Readiness Team (US-CERT) issued a warning in July about Emotet versions. US-CERT has called the Emotet malware “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.” According to US-CERT, Emotet infections have cost SLTT governments up to $1 million per incident to remediate.
The bottom line: use caution. Don’t fall for the tricks. Be sure to keep your personal information safe by remaining alert. When in doubt, assume it’s a scam.
Here’s what you can do if you receive a suspicious phone call, letter or email:
- If you receive a call or letter claiming to be from the IRS, and you do not owe taxes, don’t engage with the scammer, and do not give out any information. Just hang up. Do not call the number back. Discard any letters received.
- If you receive an email claiming to be from the IRS or a program affiliated with the IRS, don’t respond or click on any links. Delete the email.