Threat Alert: IRS-THEMED LURES Distribute Remote Management Tool

• A series of IRS-themed phishing attacks are distributing the remote monitoring and management (RMM) tool, Screen Connect.
• The lures spoof an IRS sender and claim the recipient has an IRS tax filing discrepancy; however, the sending addresses do not match any government domain.
• Recipients are directed to follow a link to a spoofed IRS-themed landing page.
• The landing page then instructs recipients to download tax forms for review, which installs ScreenConnect.

Key Action: Report Suspicious Emails 

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicator that an email is safe.  Cybercriminals often imitate well know organizations.
• Remember cybercriminals take advantage of strong emotions. Messages from a tax agency warning of discrepancies can be extremely stressful. Keep in mind cybercriminals seek to capitalize on moments of anxiety and the difficulty in thinking clearly in such situations
• Remember that cybercriminals commonly leverage current events in phishing attacks. Annual events like tax season give cybercriminals time to prepare, as well as allowing them to take advantage of the potential stress or urgency this time of year can bring.
• Report ANY suspicious emails using the Phish Alarm button.