Scam Of The Week: Insidious New IRS Social Engineering Attack

There is a new, insidious IRS scam that you need to warn your employees, friends and family about; start by informing your HR department.

Seasoned internet criminals are sending bogus emails with attachments, text messages and even snail mail claiming to be from the IRS and using a phony Form CP 2000.
This form is normally mailed by the IRS when income reported by employers does not match the income reported on the taxpayer's income tax return. To further confuse the potential victim, the letter accompanying the phony IRS form indicates that the form relates to the Affordable Care Act.

This scam is being investigated by the Treasury Inspector General for Tax Administration. The real CP 2000 form is a hefty six-pager with instructions about what steps to take whether you agree or disagree with the assessment. At the moment, the crooks are extorting straight cash out of victims, but this may just as well be used as a vehicle for instant malware infections.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:

"There is an insidious new IRS scam doing the rounds. They send you a phony IRS CP 2000 form and claim the income reported on your tax return does not match the income reported by your employer. This is meant to get you worried. To confuse you further, the bad guys claim this has something to do with the Affordable Care Act.

You might receive emails with attached phony forms, text messages and even live calls to your phone about this! You need to know that the IRS will never initiate contact with you to collect overdue taxes by an email, text message or phone call.

If you get any emails, text messages, old-time snail mail or even live calls about this, do not click on anything, do not open attachments, do not reply, and if it is a call, hang up the phone. If you receive a "CP 2000" form in the mail and doubt it is legitimate, you can always call the IRS at 1-800-366-4484 to confirm whether it is a scam."

If you want a safe way for employees to report suspicious email to your organization's Incident Response team, download KnowBe4's complimentary Phish Alert Outlook add-in, which gives your users a one-click option to send you any suspicious email, including full headers. Did I say there are no costs for this? You don't even have to be a KnowBe4 customer, and we will soon have a Gmail version too.

Get your Phish Alert Button
