IRS.GOV phising email

8 posts / 0 new
Last post
IRS.GOV phising email

Got this very important notification from the IRS today. Posting it here to see what our in-house phisherman thinks and as a general warning:

From: Internal Revenue Service
Subject: Notice of Underreported Income
Date: September 17, 2009 08:16:57 AM

Taxpayer ID: help-0000174023947US
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: help-0000174023947US

Internal Revenue Service

The link to review my non-existent tax statement goes to:

Note that the actual domain is "", and is a subdomain of the domain.

This is the email header info:

From: Internal Revenue Service
Subject: Notice of Underreported Income
Date: September 17, 2009 8:16:57 AM PDT
Delivery-Date: Thu, 17 Sep 2009 08:17:09 -0700
Received: from [] ( by with esmtp (Exim 4.69) (envelope-from ) id 1MoIj8-0000SK-2I for; Thu, 17 Sep 2009 08:17:09 -0700
Received: from by; Thu, 17 Sep 2009 12:16:57 -0300
Message-Id: <000d01ca37a9$e57aa020$6400a8c0@inningsqp601>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CA37A9.E57AA020"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Status: No, score=3.6
X-Spam-Score: 36
X-Spam-Bar: +++
X-Spam-Flag: NO

(carefully) checking the site reveals a semi-official looking "IRS Fraud Application" page:
Filing and paying your federal taxes correctly and on time is an important part of living and working in the United States.
Please review (download and execute) your tax statement:

There is a link to download an .EXE program for your "statement" - this is no-doubt when the trouble begins. Note that since it is an EXE, which only runs on Windows, Mac users can simply scoff. But it would be trivial for the scammer to upload a .DMG or other "Mac version" of the phishware/trojan, which if a Mac users downloaded, (ignored all the warnings) and executed would easily do the same thing, which is to install the trojan and/or begin collecting personal data, or worse.



Re: IRS.GOV phising email

Connect to on port 80 ... failed

--Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to:

Re: IRS.GOV phising email

Wow! That was fast.. it was up a few hours ago when I made the post.. Good work! :-)

p to the izzle
Re: IRS.GOV phising email

I get about 15 or 20 of these emails a day at work. They make my day go by faster. I like to think in my mind that I'm really cheating the IRS and they are powerless to stop me. 

Re: IRS.GOV phising email

Pizzle you should post them here so our Phisherman can catch them!

p to the izzle
Re: IRS.GOV phising email

So what exactly happens if I post them? Do they get caught and actually get in trouble? But also they have been cracking down on internet usage at work. I only use mine for actual work now. 

Re: IRS.GOV phising email

Yes! That's what our phisherman (member name antiphishing) does.

Re: IRS.GOV phising email

You should also forward it to the FTC at

Here is there official site:

Add new comment