Emotet Malware Impersonates IRS Ahead of 2022 Tax Season

As the 2022 tax season approaches, numerous active phishing campaigns have been uncovered that impersonate the IRS to steal people's sensitive data and, potentially, money.

One such campaign was recently detected by cybersecurity researchers at Cofense, who found threat actors posing as the Internal Revenue Service (IRS), sending emails containing tax forms and federal filings.

In most cases, the emails contain fake 2021 tax return forms, W-9 forms, or other tax documents that are usually distributed around this time of year. These documents, whether Word or Excel files, contain malicious macros that, if enabled, download Emotet malware.

Ransomware distribution

Emotet has several functions. The two most basic are spreading to more machines via email and delivering second-stage malware. Cofense says that these days Emotet is mostly used to deliver Cobalt Strike, ransomware payloads, or the SystemBC remote access Trojan. When it infects a machine, it tries to get into the victim's inbox and replies within existing email threads to redistribute itself without arousing suspicion.

Among these threats, ransomware seems to be the most obvious, given that Emotet is developed by the Conti Ransomware group.

The best way to protect yourself against these attacks is to be vigilant when opening emails or downloading attachments. The IRS never sends unsolicited email and will only correspond through the Postal Service.

When you receive emails with attachments or links, it's important to double-check the sender's name and address, as this is often the first place you might notice a red flag. Typos, poor English, and a mismatched visual identity can also be clues to a potential phishing attack. Finally, hovering over a hyperlink in an email reveals the real address it points to.
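The sender check and the macro-carrying attachments described above can be triaged automatically at a mail gateway or in an abuse mailbox. The following is an added example, not code from Cofense or the original article: it flags a display name that claims to be the IRS while the address is on another domain, and classifies attachments by content rather than by file extension. The function names, flag strings and the sample message are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container, can hold VBA
IRS_NAME = re.compile(r"\b(irs|internal revenue service)\b", re.I)

def macro_status(data):
    """Classify attachment bytes by content, not by file extension."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # macro-capable; an OLE parser is needed to confirm macros
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "corrupt-zip"
        # OOXML keeps the VBA project in word/vbaProject.bin or xl/vbaProject.bin
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "ooxml-with-vba"
    return "no-macro-container"

def triage(raw):
    """Return red flags for one raw message (the From header itself is spoofable)."""
    msg, flags = message_from_bytes(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    if IRS_NAME.search(name) and domain != "irs.gov" and not domain.endswith(".irs.gov"):
        flags.append("sender-mismatch:" + domain)
    for part in msg.iter_attachments():
        status = macro_status(part.get_payload(decode=True) or b"")
        if status != "no-macro-container":
            flags.append(f"{status}:{part.get_filename()}")
    return flags

def constructed_sample():
    """Constructed message: made-up sender, placeholder bytes instead of a real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/vbaProject.bin", b"constructed placeholder")
    m = EmailMessage()
    m["From"] = '"IRS Online Center" <notice@tax-forms.example>'
    m.set_content("Please review the attached W-9.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="W-9.xlsm")
    return m.as_bytes()
```

Calling `triage(constructed_sample())` returns both flags for the constructed message; a message that raises neither yields an empty list.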

Via: BleepingComputer