ISU Information Security

IRS Scam Now Includes Ransomware

Monday, January 4, 2016 17:29

Scammers have long posed as government officials, attempting to trick unwary victims into giving away personal info and to bilk them out of money. In the last few years ransomware, malware that infects the victim’s machine and encrypts the victim’s data, threatening to destroy the data if the victim doesn’t pay up, has become a serious threat. Now the two scams are being combined in a malicious form.

Scammers are sending out fake emails claiming to be from the IRS. Security firm Heimdal Security reports on the common format the emails take:

From: [spoofed / fake return address]

Subject Line: Payment for tax refund # 00 [6 random numbers]

Attached: Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js

Within the email is a malicious attachment that, when opened, runs a script that downloads the ransomware and infects the victim’s machine.
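A mail-filter style check for the lure format described above, as an added example that is not from the Heimdal Security report or from this site: it flags the reported subject line and any ZIP attachment whose members end in a script extension, noting when a document extension is used as a decoy. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Script types that Windows runs on double-click (assumed blocklist; tune locally).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Document-looking extensions placed in front of the real one as a decoy.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt"}
# Subject format from the report: "Payment for tax refund # 00" plus six digits.
SUBJECT_RE = re.compile(r"payment for tax refund\s*#\s*00\s*\d{6}\b", re.I)


def suspicious_members(zip_bytes):
    """Return (name, has_decoy) for archive members ending in a script extension;
    has_decoy is True when a document extension precedes the script extension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if suffixes and suffixes[-1] in SCRIPT_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                hits.append((name, decoy))
    return hits


def triage(subject, attachment_name, attachment_bytes):
    """Combine the subject check and the archive check into a list of reasons."""
    reasons = []
    if SUBJECT_RE.search(subject):
        reasons.append("subject matches reported lure format")
    if attachment_name.lower().endswith(".zip"):
        try:
            for name, decoy in suspicious_members(attachment_bytes):
                kind = "double-extension script" if decoy else "script"
                reasons.append(f"{kind} in archive: {name}")
        except zipfile.BadZipFile:
            reasons.append("attachment named .zip is not a valid archive")
    return reasons


def make_sample_zip(member_name, body=b"// constructed placeholder, not malware\n"):
    """Build a constructed sample archive in memory for testing the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, body)
    return buf.getvalue()
```

An empty list from `triage` means neither indicator was present; it does not mean the message is safe.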

Users should always be wary when opening emails purporting to be from an official source and never open attachments or links within any email from an unknown or questionable source. If a user has questions about a purported official source, call the local offices of the department in question to ask directly about the validity of any email contact. (All US government departments have contact information on their websites and many will not contact a person through unsolicited emails. Use the contact info on the government website, not any given in the email.)

More Information

News article with further details about this particular attack

IRS Official webpage