It’s that time of the year again, and while this particular fake notice has been around before, its frequency seems to peak around tax time in the U.S. It’s a wonder the ploy even works, because the IRS NEVER communicates with taxpayers via email. Nevertheless, people fall for it and find themselves infected with malware. Of course, if you are not in the U.S., this one is easy to spot, since the IRS would have no business with you in the first place.
The message comes with one of these subject lines:
Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.
I’ve seen other variations in the past, but the above are the most common ones.
The text of a typical message is shown below. Variations are common, but generally don’t stray far from this example:
Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.
Internal Revenue Service
Of course, the attachment is malware and anyone clicking the link will be immediately infected. Sophos detects it as Mal/Iframe-AE.
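For mail administrators, the indicators described above (the three subject lines, the "Tax Refund Appeal id#" wording, and the presence of an attachment) can be combined into a simple triage check. The following is an added example, not part of the original post; the function names, the example.com addresses and the placeholder attachment are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines quoted in the post, matched case-insensitively.
SUBJECT_PATTERNS = [
    re.compile(r"rejection of your tax appeal", re.I),
    re.compile(r"your tax return appeal is declined", re.I),
    re.compile(r"irs notification of your tax appeal status", re.I),
]
# Body wording from the sample message; the id number varies, so match any digits.
BODY_PATTERN = re.compile(r"tax refund appeal\s+id\s*#\s*\d+", re.I)

def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words; collapse folded whitespace.
    subject = " ".join(str(msg.get("Subject", "")).split())
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("subject")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if BODY_PATTERN.search(" ".join(body.split())):
        reasons.append("body")
    # The lure depends on an attachment; a notice without one scores lower.
    if next(msg.iter_attachments(), None) is not None:
        reasons.append("attachment")
    return len(reasons), reasons

def build_sample(subject, body, attach=False):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # hypothetical address
    m["To"] = "user@example.com"       # hypothetical address
    m["Subject"] = subject
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="notice.zip")
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("Rejection of your tax appeal.",
                        "Hereby you are notified that your Income Tax Refund "
                        "Appeal id#6636527 has been DECLINED.", attach=True)
    print(score_message(lure))
```

A message that hits all three indicators is a strong candidate for quarantine; a single hit is better treated as a prompt for manual review.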