The IRS is warning of a new attempt to infect computers with malware by impersonating the agency with seemingly harmless messages. The IRS stresses that it does not send out unsolicited emails and urges anyone who receives one to report it to email@example.com.
“The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer’s refund, electronic return or tax account,” the agency said in a news release. “The emails contain a ‘temporary password’ or ‘one-time password’ to ‘access’ the files to submit the refund. But when taxpayers try to access these, it turns out to be a malicious file.”
The agency said the messages use dozens of compromised websites and web addresses, making it difficult to shut down the operation.
Infecting computers with malware gives impostors the ability to control the taxpayer’s computer or secretly download software that tracks every keystroke, eventually giving them passwords to sensitive accounts, such as financial accounts.