Security experts have issued alerts across the nation. The warnings, issued toward late March, concern a new phishing campaign that impersonates the IRS to install the Emotet Trojan on systems.
Here are more details about the strategies used in the phishing emails:
The subject of the phishing emails is “IRS Tax Forms W-9,” and the sender is shown as a bogus “IRS Online Center.” The short message that makes up the email’s body contains numerous errors. The 709KB “W-9 form.zip” attachment contains a 548MB Word document called “W-9 form.doc.”
“You won’t find many genuine Word documents weighing 500MB or more. However, a file size of 500MB is a potential indicator that Emotet is lurking in the background. Malware authors are artificially pumping up the size of the document to try and fool or break security tools. This is because the large file size may prove too difficult for the tools to handle and adequately analyze. Emotet has been around since 2014. Created as a banking Trojan, later versions added malware delivery and spam services. Mainly featuring in email spam campaigns, a big focus of fake emails helping to deliver the infection include subjects like parcel shipping, invoices, and other forms of payment,” explains malware intelligence analyst Chris Boyd.
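The size mismatch described above (a 709KB archive holding a 548MB document) can be checked at a mail gateway without unpacking anything. The following is an added example, not code from the article or from any vendor; the thresholds, extension list and function names are assumptions, and the sample archive is constructed in memory at a reduced scale.

```python
import io
import zipfile

# Assumed thresholds (not from the article); tune them for your environment.
DOC_EXTS = (".doc", ".docx", ".docm", ".rtf")
MAX_DOC_BYTES = 100 * 1024 * 1024   # genuine Word documents are rarely this large
MAX_RATIO = 100                     # declared uncompressed / compressed size


def inspect_zip(data, max_doc_bytes=MAX_DOC_BYTES, max_ratio=MAX_RATIO):
    """Flag padded documents in a ZIP attachment using only central-directory
    metadata, so the inflated member is never decompressed."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reasons": ["not a valid ZIP archive"]}]
    with zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(DOC_EXTS):
                continue
            reasons = []
            ratio = info.file_size / max(info.compress_size, 1)
            if info.file_size > max_doc_bytes:
                reasons.append("document larger than %d bytes" % max_doc_bytes)
            if ratio > max_ratio:
                reasons.append("compression ratio %.0f:1" % ratio)
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "compressed": info.compress_size, "reasons": reasons})
    return findings


def build_sample(name, payload):
    """Constructed sample: a ZIP holding one member, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Scaled-down stand-in for the 548MB document: 4 MiB of zero padding.
    padded = build_sample("W-9 form.doc", b"\x00" * (4 << 20))
    for f in inspect_zip(padded, max_doc_bytes=1 << 20):
        print(f["name"], f["size"], f["compressed"], f["reasons"])
```

The sizes read here are the ones the archive declares, so treat a finding as a reason to quarantine and analyze further, not as a verdict on its own.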