That “Tax Document” Email from Robinhood or Schwab? It’s a Trap
Fake “Tax Statement” Emails Distribute Malware
tl;dr
Scammers are sending fake tax document emails that claim to be from investment platforms such as Robinhood and Charles Schwab. The links in these messages download malware rather than legitimate tax forms. Never click a link or download an attachment from an unexpected email, even if it appears to come from a trusted financial institution.
Fake Emails Claim Tax Forms Are Ready
New malware campaigns are circulating that imitate legitimate tax notifications from popular investment platforms, including Robinhood and Charles Schwab. The scam emails claim your tax documents or monthly statements are ready for download and invite you to click a link to access them.
The messages use convincing branding and professional language, with subjects such as “Your Tax Documents Are Ready” or “Your Monthly Statement is Ready.”
Some of the emails even include “security notices” claiming that the attached document must be opened on a Windows laptop or desktop, a trick designed to ensure that the malware runs on the intended target system.
Clicking the Link Downloads Malware
If you click the link, a malicious file is downloaded automatically. Opening the file can install malware on your computer. Depending on the variant, the malware may:
Steal stored passwords, browser data, or stored financial details.
Record keystrokes and screenshots.
Grant remote access to criminals, enabling them to install additional payloads or extract sensitive information.
Once installed, this malware can compromise both personal and business systems and may be used in further targeted attacks.
Similar to Earlier IRS-Themed Campaigns
This attack mirrors other malware campaigns that used fake IRS “tax statement” emails. In both cases, the scammers exploit the expectation that financial institutions will send out tax-related documents.
Scammers Use Tricks to Add Credibility
The use of major brands, such as Robinhood and Charles Schwab, adds credibility, increasing the likelihood that recipients will click the link without hesitation.
Moreover, investment companies regularly send emails to customers notifying them that financial statements are ready for viewing. Scammers attempt to exploit this by sending fake emails that mirror these genuine notifications.
How to Stay Safe
Never click links or download attachments from unsolicited emails about tax documents, investments, or account updates.
Check sender addresses in emails. The scam emails (see the screenshots below) originated from email domains not associated with Robinhood or Schwab.
Access your accounts directly by entering the official website address into your browser rather than following a link.
Keep your antivirus software up to date and run a full scan if you suspect you may have opened a malicious file.
Be cautious of strange platform restrictions, such as claims that you must use a specific device. Scammers often use such claims to manipulate behaviour.
Bottom Line
If an unsolicited email claims your tax or account documents are ready for download, treat it with caution. Always verify through your official account dashboard rather than via links in an email.
Clicking those links could give criminals access to your computer and your personal information.
Screenshots of the scam emails:
As always, thanks Brett!