Tax season is upon us and spammers are taking full advantage of the situation. Reports of fraudulent emails that appear to come from the IRS are popping up. The email states that all employers need to complete the attached W-2 update form. Unfortunately, the attachment contains a remote administration tool that allows the attacker to execute commands on the system.
The malicious file is named W2-Form and has various file extensions including .rtf, .pdf, and ,.doc.
While this attack targets employers, I suspect that the next wave will target employees. Possible scenarios include malicious attachments as described above and directing employees to fake corporate websites.
Employers should notify their employees of how W-2 information will be delivered and warm them of possible fraudulent emails. For more information on reporting these types of malicious emails visit