If the 'IRS' Emails You, It's Probably Just Malware


Repeat after me: “The IRS does not initiate contact with taxpayers by email, text messages, or social media channels.”

Good. Armed with this knowledge, you should be able to quickly spot if you’re about to fall victim to a ransomware attack.


Per Bleeping Computer, malicious spam currently circulating via email, purportedly from the “Internet Revenue Service,” contains an attachment infected with a new variant of the unimaginatively named Rapid Ransomware.

The malspam—malware spam—is being sent with subjects such as “Please Note - IRS Urgent Message.” The message suggests the recipient is behind on their tax payments and offers an attached “report” (a zip file) to allow the user to view how much money is owed.

As they say, “It’s a trap!”

Fake IRS malspam email dated February 8th. (Image: My Online Security)

The message won’t be very convincing to a discerning reader. In fact, it contains a hilarious hodgepodge of languages and identifiers. A sample email above, provided by My Online Security, has a United Kingdom address (xxxxx@nottscc.gov.uk) and the Word document attached contains a slew of instructions in German.

Opening the attachment will deploy the malware, which will scan the infected device and start encrypting random data files. It will also open several text files on screen instructing the user to initiate contact with the dickholes spreading the malware via email.


The process for decrypting the files likely involves a cryptocurrency payment in the standard hundreds-of-dollars range.

Rapid Ransomware note (Bleeping Computer)

This feels like a good time to remind everyone, once again, that the IRS does not initiate contact with US citizens via email. So if you receive an email from the IRS (and haven’t specifically asked the agency to email you), delete that message immediately, my friend.

Spread the word.

[Bleeping Computer]



About the author

Dell Cameron
