New Malware Warning: Fake W-9 Tax Forms Allegedly Sent From the IRS

Scammers and criminals never take a break and routinely find new and creative ways to trick their targets. With tax season in full swing, we want to inform you about a new Emotet malware phishing campaign that sends fake W-9 tax forms to U.S. taxpayers while impersonating the IRS. Emotet was commonly distributed through phishing emails containing Microsoft Word or Excel documents with malicious macros that install malware on the target user’s system. Microsoft recently began blocking macros by default in downloaded Office documents, so Emotet has switched to Microsoft OneNote files that contain embedded scripts that install the malware.

Once a user’s system has been infected with the malware, it can access and steal their email accounts, which leads to reply-chain email attacks, the sending of spam emails, and the installation of additional malware programs.

In this campaign, the scammers send their targets emails titled ‘IRS Tax Forms W-9’ while impersonating an ‘IRS Inspector.’ These emails have a ‘W-9 form.zip’ file attached, which contains a malicious Word document created so that it is difficult for Microsoft’s software to detect. Microsoft’s security software makes installing the malware this way challenging, which is why Emotet uses the hijacked emails to send the files as Microsoft OneNote files, pretending to be a business or a person you would trust.

We are sharing this information so that you can be alert to any messages you may receive regarding your tax or personal information. Please scan any forms with the scanning software you may have before opening them, but it is suggested not to upload them to cloud-based scanning services. Today, tax forms are usually distributed as PDFs instead of Microsoft Word documents, so if you receive official documents in Word, avoid opening them or enabling macros. Also, tax forms are not usually sent as Microsoft OneNote files, so if you receive an email with a OneNote attachment, you should not open it and should delete the email.

Sadly, in this digital age, we must be vigilant in protecting our personal and business identities and assets from evolving malware programs. Therefore, if you receive emails from someone you do not know, it is best to discard them. And if you know the sender but feel unsure about the message’s legitimacy, please call them on the phone to confirm that it really came from them.

If you have any questions, please feel free to contact us or your personal tax advisor. Thanks so much and have a great day!