Yesterday I received what is perhaps the most convincing phishing e-mail that I’ve ever seen. It was supposedly from ‘[email protected]’ and it offered information on how to check on the status of your tax refund. It was relatively clean from a grammatical standpoint, and it offered several links for more information. Two of these led to actual IRS web pages, whereas the third led to a website out of Italy (or at least it was registered with a ‘.it’ top level domain) that looks just like an IRS web page, and had fields for entering your name, social security number, and credit card information.
Hello, identity theft! If only they had better timing — say, sometime during or shortly after tax season rather than the middle of December — they’d probably hook an awful lot of people. In case you’re curious, here’s what the message looked like (although it also had a graphical IRS header):
You filed your tax return and you’re expecting a refund. You have just one question and you want the answer now – Where’s My Refund?
Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you.
New program enhancements allow you to begin a refund trace online if you have not received your check within 28 days from the original IRS mailing date. Some of you will also be able to correct or change your mailing address within this application if your check was returned to us as undelivered by the U.S. Postal Service. “Where’s My Refund?†will prompt you when these features are available for your situation.
To get to your refund status, you’ll need to provide the following information as shown on your return:
Your first and last name
Your Social Security Number (or IRS Individual Taxpayer Identification Number)
Your Credit Card Information (for the successful complete of the process) [Note: Grammar was decent until here.]Okay now, Where’s My Refund? [Note: Link to phishing site removed.]
Note: If you have trouble while using this application, please check the Requirements to make sure you have the correct browser software for this application to function properly and check to make sure our system is available.
By law, Michigan Auto Insurance necessitates that you’ve got two no-fault policies: One web hosting injury protection, and the other is perfect for property protection. Major moving violations such as DUI, reckless operation of a vehicle, speeding in a school zone and hit and run, will likely cause a substantial increase in the rate. Finally, some companies and organizations offer specific discounts, so ask your employer and any other groups that you belong to see if they offer discounts.
I’ve had three of the same scam mails. One of the links is actually an executable file that presumably unloads nasties on your machine, most likely keystroke loggers with a Trojan back end.
The Subject is: Support IRS.gov
Email return is: [email protected]
The issue supposedly is Unreported/Underreported Income (Fraud Application) … at least they got that right.
The body includes:
To download your tax statement from Internal Revenue Service (IRS) website (click on the link below):
download tax statement: commensurate-00000700955160US.pdf
Which looks for to the casual observer like an Adobe Acrobat file. But the actual link includes a “.exe” extension.
This may be more invasive than just a phishing message.
Thank you! I got that same email! But for my stimulus! Ugh! I can’t believe I really was thinking that it was real! Thanks so much!
Yep, they just get more and more sophisticated. I have to keep a list of legit sites that I frequent and even then, it’s still a minefield (like when you get an email from “PayPal”).
Thanks for this heads up. I’ve linked to the post at my new blog Financial Revolution. What I find so surprising is not how legit this message looked, but why so many of these scams look so bad (typos, poor quality images, bad grammar.) Considering how lucrative these things are supposed to be, I would think more thiefs would put in the time to do it well.