IRS.GOV phishing email

hubby
IRS.GOV phishing email

Got this very important notification from the IRS today. Posting it here to see what our in-house phisherman thinks and as a general warning:

_____________________________________________________
From: Internal Revenue Service
Subject: Notice of Underreported Income
Date: September 17, 2009 08:16:57 AM
To: help@grownupgeek.com

Taxpayer ID: help-0000174023947US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: help-0000174023947US

Internal Revenue Service
_______________________________________________________

The link to review my non-existent tax statement goes to:
http://www.irs.gov.hyu11dg.eu/fraud_application/directory/statement.php?email=help@grownupgeek.com&tid=help-0000174023947US

Note that the actual domain is "hyulldg.eu", and irs.gov is a subdomain of the hyulldg.eu domain.

This is the email header info:

From: Internal Revenue Service
Subject: Notice of Underreported Income
Date: September 17, 2009 8:16:57 AM PDT
To: help@grownupgeek.com
Return-Path:
Envelope-To: help@grownupgeek.com
Delivery-Date: Thu, 17 Sep 2009 08:17:09 -0700
Received: from [187.22.128.26] (helo=bb16801a.virtua.com.br) by nano.grownupgeek.com with esmtp (Exim 4.69) (envelope-from ) id 1MoIj8-0000SK-2I for help@grownupgeek.com; Thu, 17 Sep 2009 08:17:09 -0700
Received: from 187.22.128.26 by mx1.stalder.fr; Thu, 17 Sep 2009 12:16:57 -0300
Message-Id: <000d01ca37a9$e57aa020$6400a8c0@inningsqp601>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CA37A9.E57AA020"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Status: No, score=3.6
X-Spam-Score: 36
X-Spam-Bar: +++
X-Spam-Flag: NO

(Carefully) checking the site reveals a semi-official-looking "IRS Fraud Application" page:
Filing and paying your federal taxes correctly and on time is an important part of living and working in the United States.
Please review (download and execute) your tax statement:

There is a link to download an .EXE program for your "statement" - this is no doubt when the trouble begins. Note that since it is an EXE, which only runs on Windows, Mac users can simply scoff. But it would be trivial for the scammer to upload a .DMG or other "Mac version" of the phishware/trojan, which, if a Mac user downloaded and executed it (ignoring all the warnings), would easily do the same thing, which is to install the trojan and/or begin collecting personal data, or worse.
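
Added example (not part of the original post): a minimal Python check for the trick described above, where a trusted name such as irs.gov appears only as subdomain labels of an unrelated registrable domain. The suffix set and protected-domain list are assumptions constructed for this example; real tooling should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed suffix set so the example runs offline.
PUBLIC_SUFFIXES = {"com", "gov", "eu", "org", "net", "co.uk", "com.br"}

# Assumption: the names a mail filter wants to protect (constructed list).
PROTECTED_DOMAINS = {"irs.gov", "ftc.gov"}

# Host and path of the link quoted in the post (query string omitted).
SAMPLE = "http://www.irs.gov.hyu11dg.eu/fraud_application/directory/statement.php"


def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'hyu11dg.eu'."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest,
    # so 'co.uk' is matched before 'uk' would be.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def check_link(url):
    """Return (verdict, registrable_domain, impersonated_name_or_None)."""
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    if reg in PROTECTED_DOMAINS:
        return ("ok", reg, None)
    # Labels to the left of the registrable domain are chosen freely by
    # whoever owns it, so a protected name there proves nothing.
    prefix = host[: len(host) - len(reg)].rstrip(".")
    for brand in sorted(PROTECTED_DOMAINS):
        if prefix == brand or prefix.endswith("." + brand):
            return ("lookalike", reg, brand)
    return ("unrelated", reg, None)


if __name__ == "__main__":
    print(check_link(SAMPLE))
    print(check_link("https://www.irs.gov/"))
```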

   

   

antiphishing
Re: IRS.GOV phishing email

Connect to www.irs.gov.hyu11dg.eu on port 80 ... failed

--Specializing in "take downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
http://www.phishtank.com
http://www.fraudwatchers.org

hubby
Re: IRS.GOV phishing email

Wow! That was fast.. it was up a few hours ago when I made the post.. Good work! :-)

p to the izzle
Re: IRS.GOV phishing email

I get about 15 or 20 of these emails a day at work. They make my day go by faster. I like to think in my mind that I'm really cheating the IRS and they are powerless to stop me. 

hubby
Re: IRS.GOV phishing email

Pizzle you should post them here so our Phisherman can catch them!

p to the izzle
Re: IRS.GOV phishing email

So what exactly happens if I post them? Do they get caught and actually get in trouble? But also they have been cracking down on internet usage at work. I only use mine for actual work now. 

www.linuxmint.com/ 

hubby
Re: IRS.GOV phishing email

Yes! That's what our phisherman (member name antiphishing) does.

Pembo210
Re: IRS.GOV phishing email

You should also forward it to the FTC at spam@uce.gov

Here is their official site:
http://www.ftc.gov/spam
