Phishing bait: E-mailed notices that appear to be IRS notifications of criminal complaints.


Example: [Collected via e-mail, January 2015]


Dear business owner,

A criminal complaint has been filled against your company.

Your company is being accused of trying to commit tax evasion schemes.

The full text of the complaint file ( PDF type ) can be viewed on the IRS website, by visiting the following link:
http://www.irs.gov/complaints/view_complaint.aspx?complaint_id=334687&hash=934yt8dhui8g55

An official response from your part is required, in order to take further action.

Please review the charges brought forward in the complaint file, and contact us as soon as possible by:

Telephone Assistance for Businesses:
Toll-Free, 1-800-829-4933
Email: complaints@irs.gov


 

Origins: Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:


  • Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people’s attention.
  • Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
  • Many people regard the IRS as a daunting and ominous agency, so the suggestion the IRS might be pursuing a criminal complaint over tax evasion issues is something that could cause consternation even among those totally innocent of any such wrongdoing.

A January 2015 mass phishing e-mailing took advantage of those points, spamming millions of Internet users with phony notices that advised recipients they were being investigated over accusations of their companies’ involvement in tax evasion schemes. Recipients were advised to visit a particular URL to view the “full text of the complaint file,” a lure to entice them into clicking an embedded link. Although the link text displayed an irs.gov address, it led not to the legitimate IRS web site but to a foreign-based web site set up to deliver a payload of malware to the hapless user’s computer.
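The lure described above depends on a link whose visible text names one host while its target is another. The following check for that mismatch in an HTML message body is an added example, not part of the original article; the names host_of, AnchorCollector and mismatched_links are hypothetical, and the files.example destination is a constructed placeholder because the article does not give the real one.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host of a URL, without a leading 'www.'; '' if there is none."""
    url = url.strip()
    if "://" not in url:            # visible text is often written as 'www.irs.gov/...'
        url = "http://" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:              # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    return host[4:] if host.startswith("www.") else host

class AnchorCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html_body):
    """(shown_host, actual_host) for links whose visible text is a URL on another host."""
    collector = AnchorCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.anchors:
        shown, actual = host_of(text), host_of(href)
        is_url = bool(text) and not any(c.isspace() for c in text) and "." in shown
        if is_url and actual and shown != actual:
            findings.append((shown, actual))
    return findings

# Constructed sample body; files.example is a placeholder destination (assumption).
SAMPLE = (
    '<a href="http://files.example/view.php?id=1">'
    'http://www.irs.gov/complaints/view_complaint.aspx?complaint_id=334687</a> '
    '<a href="https://www.irs.gov/">www.irs.gov</a> '
    '<a href="http://files.example/help">click here</a>'
)
```

The comparison is on the exact host name (ignoring a leading "www."), so it also flags a target such as www.irs.gov.files.example; links whose text is not a URL ("click here") are outside what this check covers.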

The IRS never sends out unsolicited e-mails to taxpayers. When the IRS needs to contact a taxpayer, it sends notice via U.S. Mail, and every such notice includes a telephone number the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov URL into your web browser) rather than following links in e-mail messages.

The IRS says of such e-mails:



The IRS does not initiate taxpayer communications through e-mail. In addition, the IRS does not request detailed personal information through e-mail or ask taxpayers for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Do not open any attachments to questionable e-mails, which may contain malicious code that will infect your computer. Please be advised that the IRS does not initiate contact with taxpayers via e-mails.


Last updated: 21 January 2015