Original release date: August 23, 2019
The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted recipient’s tax refund, return, or account. The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website. By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IRS news release and the CISA Tip on Avoiding Social Engineering and Phishing Attacks for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released five Industrial Control Systems (ICS) advisories on July 29, 2025. These advisories provide…
CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian…
CISA released two Industrial Control Systems (ICS) advisories on July 31, 2025. These advisories provide…
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a…
This website uses cookies.