The Future Is Here
We may earn a commission from links on this page

The IRS Won't Send You Unsolicited Emails, So Don't Fall for This Malware Tax Scam

It's tax season again, and the scammers are out. Avoid these clear and present dangers.

We may earn a commission from links on this page.
Image for article titled The IRS Won't Send You Unsolicited Emails, So Don't Fall for This Malware Tax Scam
Photo: Zach Gibson (Getty Images)

Be on the lookout for suspicious-looking emails until April 18th, the end of tax season.

If you’re wondering why, it’s because every cybercriminal and their mother are currently scanning for the weakest member of the digital herd—and they’re hoping said weak link is just foolhardy enough to click on their half-baked phishing ploys. Yes, this time of year, e-criminals like to dress up and play IRS agent. They are sending out official-looking emails, stamped with IRS insignia and all, that just so happen to be loaded with malicious software.


In that spirit, I don’t know who needs to hear this right now, but listen up: the IRS does not send out unsolicited emails. The agency corresponds largely through snail mail, so, if you get an email out of nowhere, you’re likely just chatting with a hacker, not a duly appointed federal official.

This year, one of the more nefarious scams involves the powerful malware botnet Emotet. Email security firm Cofense reports that Emotet has been taking advantage of tax season to impersonate IRS officers and send out malware-laden emails that purport to contain tax information and refunds. However, attached to the emails are zip files that, when opened, unleash the botnet’s odious malware onto a victim’s computer.


This isn’t the first impersonation scam that Emotet has pulled. The group made similar phishing ploys in 2018 to great effect. They’ll almost certainly do it again. Tax season is always rife with cybercrime and fraud, and you don’t want to be one of the unlucky few who ends up getting ensnared. Actually, “few” might be a bit of an understatement. Last year, the Federal Trade Commission reported that some 89,000 Americans got caught up in tax-related scams.

Thus, consider this your casual tax season cybersecurity PSA. In brief: stay frosty, vet your emails carefully, and for god’s sake, file your shit already and get on with your life.