No one wants the IRS to contact them. You hope to deal with them once a year at tax time, without worrying about audits or mistakes on your numbers. So, if one day, an email from the Internal Revenue Service shows up in your inbox, you’re bound to take it seriously. Well, don’t. In fact, you have my permission to totally ignore any communication from the IRS to your email address—because it’s 100% a scam.
Make no mistake: The IRS will get in touch with you if you owe them money. But they will never contact you through email, text message, or hell, social media. (The IRS does not slide into your DMs.) The Internal Revenue Service almost always sends its correspondence via good ol’ fashioned snail mail, and, on rare occasions, through a phone call. Any other form of communication from the “IRS” should be treated as pure junk, simple as that.
Scammers don’t want you to know that, however. As reported by BleepingComputer, the latest scheme involves malicious users posing as IRS “Inspectors” innocently sending you your W-9 form. The email is signed by the IRS “employee” whose email address is the very personalized “email@example.com,” and who work for the “Department of Treasure.” (Scammers: Hire a proofreader.)
Sure, the ruse is obvious, but obvious ruses work all the same. And this isn’t a trick you want to fall for. That “W-9" attached to the email downloads as a ZIP file called “W-9 form.zip,” which contains a malicious Word doc carrying Emotet, a specific type of malware. It weighs in at over 500MB, magnitudes larger than a normal Word doc, as it’s designed to thwart anti-malware software you might install on your computer. The scammers might not be clever enough to write good copy in their emails, but they are clever enough where it counts.
G/O Media may get a commission
Luckily, Microsoft is clever, too. The company is blocking attacks like this by disabling “macros” by default. Macros allow a program to run multiple instructions from one initial instruction, which is what fueled attacks like these in the past. By blocking that activity, you now have to enable the macros yourself before the malware can run, which should hopefully reduce the number of people who fall victim to a fake W-9 in their inbox.
Unfortunately, the scam evolves from here. You might receive a fake W-9 as a OneNote file, instead, which upon opening, will appear “protected.” If you double-click the view button to view the hidden file, you’ll actually trigger the instructions to install the malware to your computer. In this case, Windows might warn you about the risk of malware, and could give you an opportunity to block the attack, but if you ignore the warning, the malware will run.
While listening to Windows whenever it warns you about potential malicious activity is good practice, the better practice is to never open or download files from strange emails in the first place. If you see one of these fake IRS emails float past your spam folder and into your inbox, laugh at it, then immediately hit “Delete.”