Email Phishing Attackers Are Pretending To Be The IRS

Emotet is in the news again according to the latest information from email security firm Cofense. Emotet is notorious for spreading via phishing campaigns and this latest phishing campaign sees them impersonating the IRS.

By all outward appearances, the emails look legitimate. Emotet knows that with so many people feeling harried during tax season, potential victims are much less likely to look closely at incoming emails that claim to have tax documents since they're expecting tax documents anyway. While the particulars vary from one email to the next, the general gist of emails associated with this campaign goes as follows. "Hi, we're the IRS, and we're contacting your business with some completed tax forms," or, in some variants, "We're contacting you with some tax forms you need to fill out and send back to us." Again, given the timing of tax season, this is not at all out of the ordinary. A surprising percentage of email recipients are opening the included attachments.

Simply opening the emails won't doom you, but if you enter the password required to unlock the file attached to the email, you will doom yourself. Emotet will be installed in the background along with whatever additional malicious payload the hackers want to inflict on you. In addition to that the malware will rifle through your address book, absconding with the email addresses belonging to your contacts. It does this so it can use those addresses in future reply-chain attacks, thus extending the longevity of the campaign.

There's no good defense against this kind of attack except for vigilance. The standard email defenses apply here. Never open an attachment from someone you don't know. In cases where the recipient seems to be a government agency, call to verify that they have, sent you something that needs your attention, and examine the email closely. Be careful out there.

At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP