The IRS and malware researchers warned this week of spear phishing scams specifically targeting corporate executives.
The scam emails, some of which purport to make these targeted executives aware of an investigation, download a trojan that seeks victims’ passwords and uploads them to remote servers.
The emails tell recipients that their "original (Microsoft Word) document was not fully loaded," and ask them to "please double-click to reload msword.exe."
While phishing schemes using the IRS as a lure are nothing new, this scam is noteworthy because it specifically targets corporate executives, said Ken Dunham, senior engineer and director of the Rapid Response Team at VeriSign iDefense.
"Attacks targeting executives are increasingly common. Executives should be on the alert for potentially hostile RTF and DOC files delivered over email, containing potentially hostile embedded files such as EXE and PDF," he said. "This latest attack is not highly prevalent on a global scale, but represents a clear and present emerging threat against corporate executives."
The IRS on Thursday warned taxpayers of a bogus email claiming the recipient is under investigation for a false tax return sent to the California Franchise Tax Board. Other versions have claimed that a complaint has been filed against the recipient’s company and that the IRS can act as an arbitrator, according to an agency advisory.
The agency advised that it does not send out unsolicited emails or ask for personal or financial information.
"Everyone should beware of these scam artists," said Kevin Brown, acting IRS commissioner, in a Thursday news release. "Always exercise caution when you receive unsolicited emails or emails from senders you don’t know."
Earlier this week, researchers warned of a similar spear phishing email that claims to be from the Better Business Bureau.
The emails entice users into downloading keyloggers that can be used to collect personal or financial information, researchers said.
Get more IT security news. Click here for SC Magazine Blogs.