IRS warns of new ransomware scam

The Internal Revenue Service sent an urgent warning Monday about a new phishing scheme in which a scam email purporting to originate from the IRS and the Federal Bureau of Investigation is actually part of a ransomware effort to take computer information hostage.

The bogus email actually includes the emblems of both the IRS and the FBI. It tries to convince users to click on a “here” link to download a fake FBI questionnaire. Instead, the hyperlink downloads malware that prevents a victim from accessing the data stored on their device unless they pay money to the cybercriminals.

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen in a statement. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call."

Koskinen-John-IRS
John Koskinen, commissioner of the Internal Revenue Service (IRS), speaks during a House Oversight and Government Reform Subcommittee hearing in Washington, D.C., U.S., on Wednesday, July 23, 2014. The U.S. House of Representatives voted this month to cut the IRS budget by $1.14 billion in another blow to the tax agency. The IRS has been under congressional scrutiny for more than a year since it said it had given extra attention to small-government groups seeking tax-exempt status. Photographer: Andrew Harrer/Bloomberg *** Local Caption *** John Koskinen

The IRS, along with state tax authorities and companies in the tax prep industry, have been collaborating on a partnership known as the Security Summit and are conducting an awareness campaign called Don’t Take the Bait warning tax professionals about different kinds of phishing scams, including ransomware.

The IRS cautioned victims not to pay a ransom, as it only encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid.

Victims should instead immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov, and forward any IRS-themed scams to phishing@irs.gov.

The IRS doesn’t use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. For more information, see the “Tax Scams and Consumer Alerts” page on IRS.gov.

For reprint and licensing requests for this article, click here.
Tax scams Tax crimes Ransomware IRS
MORE FROM ACCOUNTING TODAY