It all start with a message apparently sent by the tax organization, telling the user that a recently-passed law requires tax payers to download and install a new software in order to submit their taxes:

“Dear Tax Payer,
As part of new requirements from the IRS, all U.S. Citizens are required by law to update their computers with new tax software.
To begin the update, please visit and click "Open" when asked to begin the download.
After doing so, no further action is required on your part.
Thank you for your cooperation.

Then, the user is directed to a bogus IRS web page, from where the user can download and install the so-called “software”. Needless to say, the user is in fact downloading a piece of malware, Symantec notes.

There’s a second such attack in the wild too, which tries to take advantage of those using the TurboTax tax preparation software. This time, the user is told that a new software update is required, which can be downloaded from a fraudulent site which offers a Trojan.

“Be alert during tax season for those preying on you for sinister purposes such as stealing of personal information and spreading viruses,” wrote Symantec’s Kelly Conley. “Above all, do not download anything on your computer unless you are sure that it is what it says it is and comes from someone you know and trust or a reputable company. Remember, if you don’t know whether it’s legit, it’s better to be safe than sorry. You can always call the company’s support line from a phone number retrieved on their official site with details of the message and ask them if it truly came from them.”