Fake W-9 Tax Forms from the IRS
Emotet is a sophisticated malware that is primarily spread through phishing emails that contain infected attachments or links to infected Microsoft Word or Excel documents. These emails are usually disguised as legitimate emails from well-known organizations or businesses, such as banks, shipping companies, and government agencies like the IRS.
Recently, Emotet has emerged again with a new tactic to target U.S. taxpayers during the tax season by sending fake W-9 tax forms via phishing emails. These emails contain attachments, usually in the form of a Zip File, Word or OneNote document, that are infected with the Emotet malware.
Source: Malwarebytes
The documents contain malicious macros that install the malware onto the victim’s computer once they are enabled. The emails are designed to look like they are from the IRS or other legitimate organizations, and they often include urgent language that urges the recipient to act quickly to avoid penalties or fines.
They can also be e-mail reply chains that pretend to be from legitimate business partners as found below.
Source: Unit42
Once Emotet infects a computer, it can do serious damage. It can steal sensitive information, such as login credentials, email addresses, and other personal data. Emotet can also download and install other malware onto the victim’s computer, such as ransomware or banking Trojans, which can further compromise their data and privacy. Emotet is also capable of spreading to other devices on the same network, which can be a significant threat to businesses and organizations.
To protect yourself against Emotet and other types of malware, it is important to be vigilant when opening emails or attachments from unknown sources.
- Always verify the authenticity of any requests for personal information, especially those that come from unexpected sources.
- Use a reliable antivirus program and keep your operating system and software up to date with the latest security patches and updates.
- Use strong, unique passwords.
- Enable multi-factor authentication whenever possible to add an extra layer of security.
- Perform regular security scans of your devices and networks.
- Train employees and staff on phishing and social engineering hacking tactics.
- Regularly backup important data externally outside of your existing network.
With over 25 years of experience, we at Motiva Networks can help you plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Or you can schedule a quick 10-minute call to discuss the best options for your Agency or small business, or go over any questions you might have HERE.
Walter Contreras
Walter Contreras has over 25 years of experience in information technology, including cybersecurity, with a focus on the Insurance Industry. As both a computer scientist and a graduate of the Columbia University Business School’s Executive MBA program, Walter understands how the world’s digital transformation is impacting small and medium businesses. His mission is to deploy information technology to protect and empower entrepreneurs.
