Skip to main content

Fake IRS emails are delivering dangerous new malware this tax season

Tax season is upon us, which is creating ample opportunity for scammers. Researchers at security firm Heimdal have found a malware campaign that uses phony IRS emails to hit its targets.

The scam email purports to be about a tax refund but instead comes loaded with the Kovter trojan and CoreBOT malware. Kovtar is often used by cybercriminals to deliver ransomware. Kovtar is a little different because, once downloaded, it can sit on the registry rather than your disk. “The threat is also memory resident and uses the registry as a persistence mechanism to ensure it is loaded into memory when the infected computer starts up,” said a blog from Symantec last year, which detailed the malware’s features.

Recommended Videos

Meanwhile, CoreBOT is a well-known banking malware strain that can steal crucial login details. It largely targets online banking credentials in the U.S., Canada, and the U.K.

According to Heimdal, users need to keep an eye out the email subject line: “Payment for tax refund # 00 [6 random numbers]” and any zip attachment called “Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js,” which people are of course advised never to download.

“But don’t let your curiosity get the best of you: not only is it a fake email, but it also carries plenty of danger within,” said Heimdal’s Andra Zaharia.

IRS scams are nothing new and have traditionally involved scam phone calls that target someone that believes they are being question by the agency for their personal details. The IRS has been warning users for years about potential phishing threats coming from fake IRS emails but this new discovery marks a slightly more dangerous threat.

IRS is keen to remind people that it will not contact anyone via email, social media, or text message. Be extra wary of any IRS emails that land in your inbox this tax season.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
WWDC 2025: Apple announces iOS 26, macOS 26, watchOS 26 and more
Major updates to iOS, macOS, watchOS, iPadOS, tvOS and visionOS
WWDC 2025 logo

Apple kicked off WWDC 2025 with its keynote presentation at its annual World Wide Developer's conference, and it was a bumper affair.

We were treated to a raft of updates across all of the firm's software platforms, as we were introduced to iOS 26, iPadOS 26, watchOS 26, macOS 26, tvOS 26 and visionOS 26.

Read more
ChatGPT was down: how the June 10 OpenAI outage unfolded
AI assistant ChatGPT and image creator Sora were down as part of a major OpenAI outage
ChatGPT logo on a phone

The popular AI assistant ChatGPT, and image generator Sora, suffered significant downtime as part of a major OpenAI outage today, June 10.

Downdetector showed reports regarding a ChatGPT outage started shortly before 12am PDT overnight and into June 10. This wasn't the first time we've seen ChatGPT go down, with an outage also occurring back in December 2024.

Read more
For gamers on a budget — this Amazon Basics gaming monitor is on sale for $110
The Amazon Basics 27-inch Full HD gaming monitor on a white background.

If you're still using a basic display with your gaming PC, then you're not maximizing its capabilities. You don't have to spend hundreds of dollars on an upgrade though, as you can get the 27-inch Amazon Basics Full HD gaming monitor for only $110 right now. That's a $40 discount from Amazon on its original price of $150, but we're not sure for how much longer, so we highly recommend proceeding with your purchase as soon as possible on one of the most affordable monitor deals for gamers today.

Why you should buy the 27-inch Amazon Basics Full HD gaming monitor

Read more