View All R&D Articles

IRS Warns of Ransomware Hidden in Scam Email

September 1, 2017

The IRS warned that a phishing email impersonating the agency is making the rounds. The email contains emblems of both the IRS and FBI but is from hackers, not the governmental agencies.

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”

The email shows obvious signs of a phishing scheme, but official emblems can scare victims.

The email claims, “Owing to changes of tax laws of the United States of America of June 21, 2017…any business activity…is transferred under the special control of the Federal Bureau of Investigation.” A careful eye will spot typos, awkward phrasing, and the unusual premise that the FBI now controls all overseas business activity of U.S. citizens.

fake IRS message

Of course, receiving an email with the emblem of the IRS and the FBI will undoubtedly frighten some recipients. Most of us feel comfortable marking as spam or deleting emails that have obvious signs of a scam. A less tech-savvy computer user may feel compelled to at least check what the purported questionnaire asks.

Unfortunately, that’s exactly what the scammers want. Clicking on the questionnaire leads to the ransomware installing on a victim’s computer and encrypting their files. Once ransomware encrypts a victim’s files, restoring them is an uphill—and sometimes impossible—battle. Prevention is key.

The IRS also released a series of guidelines for tax professionals to avoid ransomware.

The advice is sound for all internet users, but reflects the growing popularity of attacking small businesses instead of individuals or large companies.

“Tax professionals face an array of security issues that could threaten their clients and their business,” IRS Commissioner John Koskinen said. “We urge people to take the time to understand these threats and take the steps to protect themselves. Don’t just assume your computers and systems are safe.”

Below are select highlights from the guidelines:

  • Educate employees on dangers of ransomware.
  • Install any available patches for operating systems, software, and firmware.
  • Use antivirus and anti-malware software for regular scans.
  • Only give administrator privileges when necessary.
  • Back up data regularly and disconnect that data from computers and networks to isolate it.

If you receive an IRS-themed phishing email, forward it to for investigation. You can report any other suspected ransomware attacks to the FBI’s Internet Crime Complaint Center. Beware of scammers using official emblems, and when in doubt, don’t click.