Fake IRS emails are delivering dangerous new malware this tax season

Tax season is upon us, which is creating ample opportunity for scammers. Researchers at security firm Heimdal have found a malware campaign that uses phony IRS emails to hit its targets.

The scam email purports to be about a tax refund but instead comes loaded with the Kovter trojan and CoreBOT malware. Kovter is often used by cybercriminals to deliver ransomware. It is a little different because, once downloaded, it can reside in the registry rather than on your disk. “The threat is also memory resident and uses the registry as a persistence mechanism to ensure it is loaded into memory when the infected computer starts up,” said a blog from Symantec last year, which detailed the malware’s features.

Meanwhile, CoreBOT is a well-known banking malware strain that can steal crucial login details. It largely targets online banking credentials in the U.S., Canada, and the U.K.

According to Heimdal, users need to keep an eye out for the email subject line “Payment for tax refund # 00 [6 random numbers]” and any zip attachment called “ -> Tax_Refund_00654767.doc.js,” which people are of course advised never to download.

“But don’t let your curiosity get the best of you: not only is it a fake email, but it also carries plenty of danger within,” said Heimdal’s Andra Zaharia.

IRS scams are nothing new and have traditionally involved scam phone calls that target someone who believes they are being questioned by the agency for their personal details. The IRS has been warning users for years about potential phishing threats coming from fake IRS emails, but this new discovery marks a slightly more dangerous threat.

The IRS is keen to remind people that it will not contact anyone via email, social media, or text message. Be extra wary of any IRS emails that land in your inbox this tax season.
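
For mail administrators, the two indicators Heimdal describes (the subject line and a zip carrying a `.doc.js` file) can be checked at the gateway. The following is an added example, not code from Heimdal or this article; the regular expressions are one reading of the reported pattern, and the sample message, zip name and list of extensions are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject reported on the page: "Payment for tax refund # 00 [6 random numbers]".
# Exact spacing is an assumption, so whitespace is matched loosely.
SUBJECT_RE = re.compile(r"payment for tax refund\s*#\s*00\s*\d{6}\b", re.I)
# Decoy document extension followed by a script extension, e.g. ".doc.js".
# The extension lists are an assumption chosen for this example.
DOUBLE_EXT_RE = re.compile(
    r"\.(docx?|pdf|xlsx?|rtf|txt)\.(js|jse|vbs|vbe|wsf|hta)$", re.I)


def suspicious_names(filename, payload):
    """Return attachment names (zip members included) ending in decoy.script."""
    names = [filename]
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names += zf.namelist()  # names are listed without extracting
        except zipfile.BadZipFile:
            pass  # unreadable archive: only the outer name is checked
    return [n for n in names if DOUBLE_EXT_RE.search(n)]


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg["Subject"] or ""):
        findings.append("subject matches reported lure")
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        for name in suspicious_names(part.get_filename() or "", payload):
            findings.append("double-extension script: " + name)
    return findings


def constructed_sample():
    """Build a harmless test message; zip name and member content are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Refund_00654767.doc.js", "// inert placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Payment for tax refund # 00654767"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="constructed_sample.zip")
    return msg.as_bytes()
```

Calling `triage(constructed_sample())` returns one finding for the subject and one for the zip member; a message with neither indicator returns an empty list.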

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…