Be on the lookout for attachments claiming to be W-9s. The attachment contains a malicious Microsoft OneNote document which will try to install Emotet malware.
Once Emotet is installed, the malware will steal emails to use in future reply-chain attacks, send further spam emails, and ultimately install other malware that provides initial access to other threats.
It’s the height of tax season, which also means it’s the height of tax-related phishing.
Tax forms are not typically distributed via OneNote.
Call and verify any attachments or links before opening.
Sources: Bleeping Computer, Malwarebytes and Unit42
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.