Another day; another fake IRS email scam tries to steal your personal information.
Some UD folks report getting email this morning “confirming” a large federal income tax refund. The email even includes real links to real IRS sites and the exact language the IRS uses to warn people about phishing and other identity theft scams.
What’s the catch?
The email alleges that it contains “a copy of the approved 1040A form you have submitted,” sent to you as a Microsoft Word file. If you give in to curiosity and open the file, watch out!
If you open that Word file with macros enabled, the scammer’s malware will be delivered to your computer. One user reported seeing an ungrammatical error message urging him to turn Word macros on. Fortunately, he did not.
According to the Sanesecurity blog,
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste)).
The IRS does not send you files in this way. If you receive email alleging to be from the IRS, don’t click links or download files. Instead, go to irs.gov and look for the real information.