Yesterday, the IRS released an urgent warning to avoid a newly found phishing scheme. The scam involved spoofing both the Internal Revenue Service as well as the Federal Bureau of Investigation, with hackers impersonating members of both agencies in order to hold users’ computer data hostage. The spoofed message uses emblems of the IRS and the FBI as it tries to entice the user to select a ‘here’ link to download a fake FBI questionnaire related to recent “changes” to U.S. Tax law. However, instead of downloading a questionnaire, ransomware is downloaded to the users computer which prevents the user from accessing their data. The hacker will then request money from the user in order to gain access to their files.
“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”
The IRS does not use email, text messages or social media as an initial means of contact to discuss personal tax issues. They are currently working with state tax agencies and tax industries to create an awareness campaign called ‘Don’t Take the Bait’ and until then are urging all users to be vigilant and stay apprised of the situation. Additionally, the IRS is urging victims not to pay ransoms as paying will only further encourage criminals and there is no guarantee that the scammers will provide the decryption key after the ransom is paid.
For further information on this new warning, contact a certified GraVoc Information Security specialist below:
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.