Hi guys,

A new cyber attack is targeting American taxpayers using fake W-9 tax forms.

Here’s what you need to know:

  • The Emotet malware is being spread through phishing emails pretending to be from the IRS or companies you work with.
  • These emails contain attachments that look like W-9 tax forms but are malicious files designed to infect your computer.
  • This attack is timed to coincide with the US tax season.

If you are unlucky enough to be infected with this malware, here is what it is capable of:

  • Email theft: Emotet malware can steal victims’ emails and use them for future reply-chain attacks or to send further spam emails.
  • Malware distribution: Emotet can install additional malware on the infected device, providing initial access to other threat actors, such as ransomware gangs.
  • Data theft: Emotet can steal sensitive information, such as contacts, login credentials, and personal data stored on the infected device.
  • Network compromise: Emotet can spread within a network, infecting other devices and potentially causing widespread damage to an organization’s infrastructure.

How to stay safe:

  • Be cautious of emails claiming to contain W-9 or other tax forms, especially if they come from unknown senders.
  • Tax forms are usually distributed as PDF documents, not Word or OneNote attachments. Avoid opening unfamiliar file types.
  • If you receive a suspicious email, contact the sender by phone to confirm if they sent it before opening any attachments.
  • Always scan email attachments with antivirus software before opening them. However, avoid uploading sensitive documents like tax forms to cloud-based scanning services.
  • The best defence is to delete suspicious emails from people you don’t know or cannot confirm the legitimacy of.

Stay vigilant and protect your personal information. If you have any concerns or questions regarding privacy and security, don’t hesitate to contact the Privacy Care team via the Incognito app. Our team is always ready to assist you and guide you to stay protected online.

Have a great rest of your day.

All the best,

Max Roberts,
Incognito Privacy Care Team