Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Google Resume Malware Lure | Main | About Copying Email URLs »

October 08, 2010

Another Fake IRS Email Message

Today's load of crap comes courtesy of someone impersonating the Internal Revenue Service's Electronic Federal Tax Payment System (EFTPS). The real one is a system set up to facilitate electronic submission of tax forms and payments. The message today claims to be of an urgent nature:

Phony IRS email message

The visible link is to the correct domain, but the actual URL of the link is to a hijacked web site. There, you will be immediately redirected to another domain that was registered yesterday (literally), and is currently being hosted in (drum roll)...Russia.

You need a Windows PC to visit the bogus site, and I don't have one available at the moment to throw into the volcano. This leads me to believe the site's intention is to load malware onto visitors' PCs, rather than phishing for login credentials. Unauthorized access to one's EFTPS account could cause harm by tampering with account information, but I think that the crooks would welcome all operating systems into that mix. Even so, the login credentials could be valuable because it's pretty likely they're the same ones used for other financial web sites.


As I continue to promote: The more dire and urgent an unexpected email messages sounds, the more likely it's a complete fake. If the IRS needs to contact you about something serious, it won't come in the form of an email that doesn't even mention your name (or your correct tax ID).

Posted on October 08, 2010 at 10:45 AM