A warning from the IRS of a surge of fraudulent emails impersonating the agency and using tax transcripts as bait to entice users. 

These ‘so-called’ phishing e-mails include documents containing malware. 

This scam is especially problematic for businesses whose employees might open the malware.     

The malware can spread throughout the network and potentially take months to successfully remove. 

Raphael Tulino, IRS Media Relations, So. California, SF Bay Area and Nevada, says, “Phishing scams are obviously quite pervasive and unfortunate these days and this is a variation of it.”  

The scam email carries an attachment labeled “tax account transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.” 

“This particular scam it pretends to be from the IRS. It has a tax transcript date to it, tax account transcript IRS online,” explains Tulino. “Some subject line of this variation using it to lure you into clicking on a link which has some sort of version of malware.”

According to the IRS, this malware, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents. 

“The bottom line is emails pretending to be from the IRS, not the IRS, or the matter of correspondence is a letter in the mail not a random email enticing you to open documents which generally speaking contained malware which can do bad things to you,” adds Tulino. 

 Here are some suggestions from the IRS on what you can do if you receive this email scam: 

    1. As a reminder, the IRS does not send unsolicited emails. 

    2. Do not open the email or attachment. 

    3. Delete or forward the email to phishing@irs.gov

    4. If an email goes to your business, notify the company’s technology professionals. 

Experts have labeled the specific malware contained in these phishing emails among the most costly and destructive malware. 

If you have a scam you’d like me to investigate, feel free to send me an email at smasters@klfy.com.