【】

Tax season is stressful enough without bad actors trying to steal your data.

A report from BleepingComputer (citing work by the data security firms MalwareBytes and Unit42) over the weekend revealed the existence of a new malware campaign designed to fool people waiting for tax documents to show up in their inboxes. It appears to be tied to Emotet, a particular strain of malware that's been infecting computers since 2014.

SEE ALSO:Scammers are spoofing ChatGPT to spread malware

How it works is simple: You get an email purporting to be from the IRS with an attached W-9 form for filling out tax filing information. It might come as either a ZIP file containing a Word document, or as a OneNote document.

Once you download the file, you might get a message saying that the document is protected, asking you to click a "view" button or enable certain settings to get access. Doing so is what puts the malware onto your computer.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

According to these reports, there are a few telltale signs that you're being messed with if you get one of these emails. First, tax forms almost always come attached as PDF files, not Word or OneNote documents. Second, if you open up a ZIP attachment and find that the Word doc waiting for you is more than 500MB in size, it's probably got malware on it.

That's waytoo big for a normal Word doc, but not coincidentally,isthe right size to fool your inbox's automatic malware scanning tools.

Check the email (including the email address of the sender) for any usual syntax or spelling errors. If someone is claiming to be from the IRS but doesn't have an email ending in ".gov," maybe hesitate before opening something they sent you. You always have the option of calling on the phone to confirm the legitimacy of what you've been sent, too.

---

Related Stories

---

• Protect yourself against data leaks and breaches
• ChatGPT can apparently make malware code on the fly, too
• Scammers are spoofing ChatGPT to spread malware
• '10 Macbooks' Twitter hack update: Not even Smash Mouth is safe
• Nasty bug allows hackers to take over many Android phones. Here's what you can do.

Tax forms can be obtained from the IRS website.

It's unfortunate that we have to worry about these things during an already unpleasant time of the year, but that's the world we live in.

TopicsCybersecurity

(责任编辑：焦點)