There's a threat actor who was recently discovered who is pretending to be the IRS in order to spread ransomware. The email has been shared online and the body of the phishing email reads as follows:
“The Internal Revenue Service (IRS) is the revenue service of the United States government. The government agency is a bureau of the Department of the Treasury. The IRS is responsible for collecting taxes and administering the Internal Revenue Code, the federal statutory tax law of the U.S. Our duty is to maximize tax revenue, as well as pursuing and resolving instances of erroneous or fraudulent tax filings.
Owing to changes of tax laws of the United States of America of June 21, 2017, any business activity of resident or non-resident citizens of the United States of America abroad, in particular the belonging of offshore companies, equity participation and offshore capitals, is transferred under special control of the Federal Bureau of Investigation.
FBI requires a completed questionnaire here with absolutely reliable information. The questionnaire should be printed, filed out, and signed in the specified places, scanned and sent within 10 days from the reception of this letter.”
Given what's available on the Dark Web, and Microsoft's dominant market share on the desktop, the ransomware likely exploits Windows vulnerabilities.
In 2017, I hope that most Americans are aware that if the IRS wanted documentation from them, they would contact you by snail mail or ask you to visit their website to download a PDF from there. If the FBI is investigating you, if you were ever notified, it'd likely be through law enforcement. The FBI certainly doesn't investigate financial fraud by contacting their suspects through the IRS like this. And the FBI doesn't do any of the IRS's routine work, either.
Bottom line: The FBI doesn’t send emails.
Still, many people are terrified of authority and attackers know and exploit this as a form of social engineering in order to get what they want from the victim. After all, who wants to be pursued for owing hundreds of thousands of dollars, or worse, go to prison?
“This is a new twist on an old scheme. People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call,” IRS Commissioner John Koskinen said.
About a month ago, the IRS released recommendations for dealing with ransomware. That effort is a part of their “Don't Take The Bait” campaign.
I think their advice is excellent. Here's some of it:
If you notice a scam related to IRS impersonation, please email firstname.lastname@example.org.
If you are the victim of a ransomware attack, whether or not it involves impersonating a U.S. government agency, report it to the FBI through the Internet Crime Complaint Center.