The IRS posted an alert on their website warning of a malicious email making the rounds.

The email contains malware called Emotet, which the United States Computer Emergency Readiness Team (US-CERT) has described as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”


Email attachments continue to be a huge security issue

The IRS shared some of its findings after many users forwarded the malicious emails to them.

The sender of the malicious emails the IRS is warning about is masquerading as “IRS Online.” The subject line typically contains “tax transcript.” The email bears an attachment that has the name “Tax Account Transcript” or some permutation of this.

Opening the attachment can trigger the Emotet malware. This strain of malware can rapidly propagate across the network, creating a nightmare scenario that can be quite costly to fully reverse.

In the IRS alert, they remind the public that they don’t send unsolicited emails to the public. They would also not send a sensitive document like a tax transcript via email.


Email safety tips

  • If you’re in doubt about the authenticity of an email, try contacting the sender directly via their website (type the URL directly and don’t click on any hyperlinks in the email). You can also call the sender.
  • Avoid interacting with unsolicited emails. Again, if the email appears to be important, you can always follow the previous tip.
  • Avoid sending sensitive information via email. This includes personal information, financial account credentials, credit card numbers, and social security numbers.
  • Be very careful about attachments. Don’t open an attachment if you have any doubts about the email. Contact your IT department. InCare customers, please contact the 24/7/365 InCare help desk at 205-277-CARE.


InCare is an industry-recognized MSP and IT company providing computer networking and security services. We’re headquartered in Birmingham, AL, with offices in Montgomery, AL and Jackson, MS.


Get a free security consultation
reCAPTCHA is required.



Share This