It appears the scammers are pulling out their tax time tricks before we even ring in the new year.
Just this past week, AppRiver's Advanced Email Protection filters captured emails that contained a link to a compromised website. Once the recipient clicks the link (in this case, the text "Your Record of Account Transcript is attached"), the Emotet Trojan loader begins to download.
As a polymorphic Trojan, Emotet relies on heavy obfuscation and evasion techniques to go undetected. It spreads itself through a variety of methods. These include the EternalBlue SMB v1 exploit, brute forcing of accounts, and email client credential theft combined with contact scraping.
According to IRS.gov, the IRS does not send out unsolicited e-mails to taxpayers about their accounts. The site warns that if you do receive an unsolicited email claiming to be from the IRS, you should not reply to the message, not click any link within the message, and never give out your personal or financial information.
The site also advises that if you receive such an email, you should report it to firstname.lastname@example.org.
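For mail administrators, the lure described above (a hyperlink whose text claims an attachment, in a message that presents itself as IRS mail but links elsewhere) can be checked mechanically. The following is an added example, not AppRiver's filter logic; the sample message, its hostnames and the two heuristics are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; sender, host and path are placeholders.
SAMPLE = """\
From: "IRS Online" <noreply@mailer.example>
Subject: IRS Record of Account Transcript
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="http://compromised-site.example/doc/">Your Record of
Account Transcript is attached</a></p>
<p>See <a href="https://www.irs.gov/">IRS.gov</a> for help.</p></body></html>
"""

class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def is_irs_host(host):
    host = (host or "").lower().rstrip(".")
    return host == "irs.gov" or host.endswith(".irs.gov")

def suspicious_links(raw_message):
    """Flag links that leave irs.gov in IRS-themed mail or claim an attachment."""
    msg = message_from_string(raw_message)
    themed = bool(re.search(r"\birs\b", f"{msg['Subject']} {msg['From']}", re.I))
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = AnchorCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                off_site = themed and not is_irs_host(urlsplit(href).hostname)
                fake_attach = "attached" in text.lower()
                if off_site or fake_attach:
                    findings.append((href, text, off_site, fake_attach))
    return findings
```

Each finding is a tuple of the link target, its visible text, and the two heuristic flags; a hit is a reason to quarantine for review, not proof of Emotet.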