On August 28th, 2017, the IRS sent out a bulletin advising people to beware of a phishing strategy now employed by criminals. At first glance, the email delivering the new ransomware seems to come from either the IRS or the FBI…but it doesn’t.
Here’s the official bulletin from the IRS: https://www.irs.gov/newsroom/irs-issues-urgent-warning-to-beware-irs-fbi-themed-ransomware-scam
In its warning to the public, the IRS stated, “The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a ‘here’ link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers.”
IRS Commissioner John Koskinen said, “This is a new twist on an old scheme… People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”
Email, Social Media, and Text Messaging
The IRS emphasized that it does NOT use email, social media, or text messaging to communicate with U.S. citizens regarding personal tax issues.
The message from the FBI regarding its communication procedures is nearly identical.
So if you get an email, social media message, or text message that claims to be from the IRS or the FBI, DO NOT CLICK on the links.
If you have any questions, go directly to the IRS or FBI websites and call the numbers listed there for assistance.
Have you already fallen victim to this scam?
Don’t pay the ransom.
IRS representatives said, “Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid. Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to firstname.lastname@example.org.”
So, what do you do instead of paying the ransom?
Call a professional IT team such as Infiniwiz to survey your data recovery options and help you get through this with as little pain as possible.
How well is your network set up to block ransomware attacks?
Have your employees been trained to spot phishing and social engineering ploys?
Keep criminals away from your company and your confidential data!