That tax form could be malware in disguise. Here's how to tell.
Tax season is stressful enough without bad actors trying to steal your data.
A report from BleepingComputer (citing work by the data security firms MalwareBytes and Unit42) over the weekend revealed the existence of a new malware campaign designed to fool people waiting for tax documents to show up in their inboxes. It appears to be tied to Emotet, a particular strain of malware that's been infecting computers since 2014.
How it works is simple: You get an email purporting to be from the IRS with an attached W-9 form for filling out tax filing information. It might come as either a ZIP file containing a Word document, or as a OneNote document.
You May Also Like
Apple AirPods Pro 3 Noise Cancelling Heart Rate Wireless Earbuds — $219.99 (List Price $249.00)
Apple iPad 11" 128GB Wi-Fi Retina Tablet (Blue, 2025 Release) — $274.00 (List Price $349.00)
Amazon Fire HD 10 32GB Tablet (2023 Release, Black) — $69.99 (List Price $139.99)
Sony WH-1000XM5 Wireless Noise Canceling Headphones — $248.00 (List Price $399.99)
Blink Outdoor 4 1080p Security Camera (5-Pack) — $159.99 (List Price $399.99)
Fire TV Stick 4K Streaming Device With Remote (2023 Model) — $24.99 (List Price $49.99)
Shark AV2511AE AI Robot Vacuum With XL Self-Empty Base — $249.99 (List Price $599.00)
Apple Watch Series 11 (GPS, 42mm, S/M Black Sport Band) — $339.00 (List Price $399.00)
WD 6TB My Passport USB 3.0 Portable External Hard Drive — $138.65 (List Price $179.99)
Dell 14 Premium Intel Ultra 7 512GB SSD 16GB RAM 2K Laptop — $999.99 (List Price $1549.99)
Once you download the file, you might get a message saying that the document is protected, asking you to click a "view" button or enable certain settings to get access. Doing so is what puts the malware onto your computer.
According to these reports, there are a few telltale signs that you're being messed with if you get one of these emails. First, tax forms almost always come attached as PDF files, not Word or OneNote documents. Second, if you open up a ZIP attachment and find that the Word doc waiting for you is more than 500MB in size, it's probably got malware on it.
That's way too big for a normal Word doc, but not coincidentally, is the right size to fool your inbox's automatic malware scanning tools.
Check the email (including the email address of the sender) for any usual syntax or spelling errors. If someone is claiming to be from the IRS but doesn't have an email ending in ".gov," maybe hesitate before opening something they sent you. You always have the option of calling on the phone to confirm the legitimacy of what you've been sent, too.
Tax forms can be obtained from the IRS website.
It's unfortunate that we have to worry about these things during an already unpleasant time of the year, but that's the world we live in.
Topics Cybersecurity
Alex Perry is a tech reporter at Mashable who primarily covers video games and consumer tech. Alex has spent most of the last decade reviewing games, smartphones, headphones, and laptops, and he doesn’t plan on stopping anytime soon. He is also a Pisces, a cat lover, and a Kansas City sports fan. Alex can be found on Bluesky at yelix.bsky.social.
