Security News > 2023 > March > Emotet malware distributed as fake W-9 tax forms from the IRS
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with.
Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware.
After Microsoft began blocking macros by default in downloaded Office documents, Emotet switched to using Microsoft OneNote files with embedded scripts to install the Emotet malware.
Once Emotet is installed, the malware will steal victims' emails to use in future reply-chain attacks, send further spam emails, and ultimately install other malware that provide initial access to other threat actors, such as ransomware gangs.
In new phishing campaigns seen by security researchers at Malwarebytes and Palo Alto Networks Unit42, the Emotet malware targets users with emails containing fake W-9 tax form attachments.
Normally, tax forms are distributed as PDF documents and not as Word attachments, so if you receive one, you should avoid opening it and enabling macros.