(ConservativeInsider.org) – With the April 18 tax deadline looming on the horizon, many Americans are feeling the pressure to wrap up their taxes and file them quickly. With this schedule, many are tracking down the last form or two they need. So, when an email appears in their inbox saying the IRS needs them to complete another form, many unsuspecting people click on it. However, the form is actually a scam that can install malware on your computer and steal your personal data.
Cybersecurity experts are now warning Americans about a new phishing scam, where hackers send a fake W-9 tax form that appears to be from the Internal Revenue Service (IRS) or a recent employer. The vague email encourages users to click on a Microsoft Word or Microsoft OneNote file, which in turn downloads to the user’s computer. From there, Emotet malware installs on the hard drive, where it can begin gathering data, passwords, and other personal information.
— Cyber Intel Mag (@CyberIntelMag) March 27, 2023
One clear sign this is a scam is the large file size. In screenshots shared by MalwareBytes.com, it’s clear the 548 MB file contains more than just a short W-9 form. It indicates that malware is likely hidden within the file. A download this large also makes it more difficult for antivirus software to fully scan.
One of the quickest ways to fall into this trap is to file your return at the last minute. That added pressure can mean responding to fake emails you otherwise would have ignored.
To keep yourself safe from such scams, there are a few things to do. First, only open emails from people you know, and if you have a question, contact the sender by phone to ensure the email and attachment are actually from them. Secondly, question any emails that seem incomplete, too good to be true, or emotionally manipulative. For instance, tax forms will never be sent by email or text in a form that you can edit, such as in Microsoft Word. They will most commonly be PDF-type files that cannot be edited. Lastly, file your taxes early with a reputable person or company and be suspicious of promises of quick refunds (24 to 48 hrs) or directions to sign in to your bank to deposit your refund.
You are the first line of defense against hackers trying to access your personal data, it is essential to be aware of the latest phishing and malware schemes.
Copyright 2023, ConservativeInsider.org