Another year and another cybercrime tactic.
Just as technology seems to change and advance at the speed of light, so too do the scams that cybercriminals rely on to steal from individuals and organizations. As with past years, one of the newest approaches cybercriminals are relying on is impersonating the Internal Revenue Service (IRS). This time around they are taking a less obvious approach by using something so obscure you might not automatically recognize it as suspicious –tax transcripts.
If you have ever needed information from previous years’ tax returns, only to find your copies have been lost or misplaced, tax transcripts are records of information you can get free of charge from the IRS that will give you key details from prior years’ tax returns. And they can be found center stage in cybercriminals’ latest phishing efforts.
According to a warning from the IRS, cybercriminals impersonating the tax agency are sending individuals and companies malware known as Emotet disguised as tax transcripts. But this type of malware is particularly dangerous, as it not only infects the computer of the individuals that open it, but is able to spread throughout an entire company’s network. Once again, the IRS is reminding people that it does not send unsolicited emails to people. Anyone who receives such an email should delete it or forward it to the IRS at email@example.com.
Take care now more than ever to make sure you are adequately securing your online accounts. One way of doing this is to make sure that you vary both the usernames and the passwords you use for different online accounts. Don’t forget that any bank or company that reaches out to you, whether online or by phone, will already know your account numbers and should not be asking for them or any other personal information, such as your social security number. If you receive such a call that you think may be legitimate, ask the person calling you for a reference number regarding whatever they are contacting you about, and then hang up and call the customer service number of the company they say they are from to be sure the call is legitimate.