The Tax Man Cometh But Beware Of Fake IRS W-9 Forms Laced With Emotet Malware

A scary malware called Emotet could be coming to an inbox near you, so beware as you file your taxes this year. If you see an email looking suspiciously like what we're about to describe, do not open it.

Anti-malware software developer Malwarebytes has announced a new phishing attack making the rounds just as U.S. taxpayers are busy getting their taxes done. The emails are disguised as legitimate-looking messages from the Internal Revenue Service carrying W-9 forms, and the Emotet malware is ready to pounce the moment the attachment is opened.

Emotet is said to have originated sometime around 2014 in Ukraine and is considered one of the most dangerous pieces of malware in circulation. Once installed by the unsuspecting user, Emotet sends spam emails or reply-chain attacks using the victim's mailbox and installs further macros that can gain access to the user's system to deliver ransomware or other malicious payloads.

(Image: Malwarebytes)

In this scenario, Malwarebytes shows what the malicious email looks like. At first glance, it seems to come from a legit sender, with an unassuming subject line of "IRS Tax Forms W-9" and official-looking footers. However, it doesn't carry much text and contains a zipped attachment titled "W-9 form.zip." The attached file is roughly 709 kB. Unzipped, it contains a Word document called "W-9 form.doc" with a suddenly inflated file size of 550MB. Malwarebytes states that MS Office files like this one that come in at 500MB or more are rarely legit. This file-size inflation is a tactic used to get past the many built-in antivirus/anti-malware tools that have a limit on the size of file they can effectively scan.
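The size mismatch described above can be checked before anything is extracted or opened. The following is an added example, not code from Malwarebytes or from the original article: it reads only the ZIP directory metadata and flags Office documents that are oversized or compress implausibly well. The 500MB limit is the article's rule of thumb; the ratio limit, the zero-byte padding and the function names are assumptions made for the illustration.

```python
import io
import zipfile

OFFICE_EXTS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")
SIZE_LIMIT = 500 * 1024 * 1024  # article: Office files of 500MB or more are rarely legit
RATIO_LIMIT = 100               # assumption: padding compresses far better than real content


def triage_zip(data, size_limit=SIZE_LIMIT, ratio_limit=RATIO_LIMIT):
    """Return (name, uncompressed_size, ratio, reasons) for suspicious Office members.

    Only the archive's directory is read; no member is decompressed or opened.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(OFFICE_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size >= size_limit:
                reasons.append("oversized")
            if ratio >= ratio_limit:
                reasons.append("padded")
            if reasons:
                findings.append((info.filename, info.file_size, round(ratio), reasons))
    return findings


def build_sample(padding_bytes):
    """Constructed sample: harmless placeholder bytes plus zero padding, zipped."""
    body = b"constructed placeholder, not a real document" + b"\0" * padding_bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("W-9 form.doc", body)
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(8 * 1024 * 1024)  # 8 MiB stands in for the 550MB document
    for finding in triage_zip(sample, size_limit=5 * 1024 * 1024):
        print(finding)
```

The sizes come from the archive's own metadata, so a clean result is a first filter at a mail gateway or triage script, not proof that the attachment is safe.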

(Image: Malwarebytes)

Opening the file reveals the next red flag. The file attempts to run some macros, and because Microsoft disables running macros by default, potential victims will see the above message, coaxing them to enable macros.

As the tax deadline looms, we suggest that you be extra vigilant around suspicious emails such as the one above or those that promise you refunds via email correspondence. Don't let the pressure push you into tax scammers' traps: most tax-related filing and documentation is done on dedicated government portals, tax websites, and by mail.