The IRS and its Security Summit partners on Nov. 19 warned the public of a surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents in the email containing malware.

The scam is especially problematic for businesses whose employees might open the malware because this malware can spread throughout a network and potentially take months to successfully remove.

The Security Summit, which was convened by the IRS in 2015, is a coalition designed to combat identity theft refund fraud to protect the nation's taxpayers. It consists of IRS, state tax agencies and the tax community, including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations, and financial institutions.

What to Watch For

The malware, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents.

However, in the past few weeks, the scam masqueraded as the IRS, pretending to be from "IRS Online."

The scam email carries an attachment labeled "Tax Account Transcript" or something similar, and the subject line uses some variation of the phrase "tax transcript."

These clues can change with each version of the malware. Scores of these malicious Emotet emails were recently forwarded to the IRS.

The United States Computer Emergency Readiness Team issued a warning in July about earlier versions of the Emotet malware and has labeled it "among the most costly and destructive malware affecting state, local, tribal, and territorial governments, and the private and public sectors."

What to Do

The IRS reminds taxpayers it does not send unsolicited emails to the public, nor would it email a sensitive document such as a tax transcript, which is a summary of a tax return.

The IRS urges taxpayers not to open the email or the attachment.

If using a personal computer, delete or forward the scam email to the IRS.

If you see the scam email using an employer's computer, notify your company's IT professionals.


For more information about protecting your small business against cyber threats, visit CBIA's cybersecurity resources, where you can download the Small Business Cybersecurity Workbook, view on-demand cybersecurity webinars, and much more.