These tax season scams aim to steal your passwords and bank details – here's what to watch out for

Cyber criminals are trying to exploit this year’s tax season by sending out phishing emails claiming to be from the IRS but which are actually designed to infect victims’ PCs with malware or trick users into handing over personal data including bank details, usernames, passwords and other sensitive information. 

Detailed by cybersecurity researchers at Fortinet, the scams aren’t particularly sophisticated but are being sent out in bulk at a time when people are aware of tax deadlines – and even if just a fraction of those receiving the phishing emails get duped, hackers can steal a lot of data.  

ZDNet Recommends

One of the phishing campaigns is based around an email that purports to be from the U.S. Internal Revenue Service (IRS) and is designed to infect the victim with Emotet malware, a powerful trojan used to steal passwords that also creates a backdoor onto the infected computer. 

SEE: How to keep your bank details and finances more secure online

Claiming to be from ‘IRS Online’, the email with the subject of ‘Incorrect Form Selection’ asks victims to open an attachment called “W-9” – also providing the target with a plain text password needed to open

Read More: