From the IRS, November 27th 2018:
The IRS and Security Summit partners recently warned the public of a problematic scam affecting businesses. A surge of fraudulent emails impersonating the IRS and using tax transcripts as bait to entice users to open documents containing malware are on the rise. If a business’s employees open the malware, it can spread throughout the network and potentially take months to successfully remove.
This well-known malicious code, known as Emotet, generally poses as specific banks and financial institutions in its effort to trick people into opening infected documents. However, in the past few weeks, the scam masqueraded as the IRS, pretending to be from “IRS Online.” The scam email carries an attachment labeled “Tax Account Transcript” or something similar, and the subject line uses some variation of the phrase “tax transcript.”
Businesses should instruct employees to not open the email or the attachment, and to instead delete or forward the scam email to phishing@irs.gov.
Source: Tax Scams/Consumer Alerts | Internal Revenue Service