Tax season is stressful enough without bad actors trying to steal your data.
A report from BleepingComputer (citing work by the data security firms MalwareBytes and Unit42) over the weekend revealed the existence of a new malware campaign designed to fool people waiting for tax documents to show up in their inboxes. It appears to be tied to Emotet, a particular strain of malware that’s been infecting computers since 2014.
How it works is simple: You get an email purporting to be from the IRS with an attached W-9 form for filling out tax filing information. It might come as either a ZIP file containing a Word document, or as a OneNote document.
Once you download the file, you might get a message saying that the document is protected, asking you to click a “view” button or enable certain settings to get access. Doing so is what puts the malware onto your computer.
According to these reports, there are a few telltale signs that you’re being messed with if you get one of these emails. First, tax forms almost always come attached as PDF files, not Word or OneNote documents. Second, if you open up a ZIP attachment and find that the Word doc waiting for you is more than 500MB in size, it’s probably got malware on it.
That’s way too big for a normal Word doc, but not coincidentally, is the right size to fool your inbox’s automatic malware scanning tools.
Check the email (including the email address of the sender) for any usual syntax or spelling errors. If someone is claiming to be from the IRS but doesn’t have an email ending in “.gov,” maybe hesitate before opening something they sent you. You always have the option of calling on the phone to confirm the legitimacy of what you’ve been sent, too.
Tax forms can be obtained from the IRS website.
It’s unfortunate that we have to worry about these things during an already unpleasant time of the year, but that’s the world we live in.