Malicious emails that trade on the reputation of the Internal Revenue Service (IRS) are very common, and with each tax season cybercrooks pull their old emails out of the closet and start sending them to unsuspecting business owners.
Sophos representatives report that new variants of the classic IRS scam are currently making the rounds.
Bearing subject lines such as “Rejection of your tax appeal”, “Your tax return appeal is declined”, or “IRS notification of your tax appeal status,” the emails look something like this:
Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.
Internal Revenue Service
The attachment the notification refers to is actually a malicious HTML file, which the security firm identifies as Mal/Iframe-AE.
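A mail-gateway triage check for the two indicators described above (the quoted subject lines and an HTML file sent as an attachment), as an added example that is not code from Sophos or the original article. The function names, the sample message and the policy of quarantining only when both indicators are present are assumptions made for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = (
    "rejection of your tax appeal",
    "your tax return appeal is declined",
    "irs notification of your tax appeal status",
)

# Constructed sample message (inert body, reserved example domain).
SAMPLE = """\
From: "Internal Revenue Service" <notice@example.invalid>
Subject: Rejection of your tax appeal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Dear Business owner, (text elided)
--b1
Content-Type: text/html; name="details.html"
Content-Disposition: attachment; filename="details.html"

<html><body>inert placeholder</body></html>
--b1--
"""

def html_attachments(msg):
    """Filenames of HTML parts delivered as attachments, not as the inline body."""
    names = []
    for part in msg.walk():
        filename = part.get_filename() or ""
        attached = part.get_content_disposition() == "attachment" or bool(filename)
        is_html = (part.get_content_type() == "text/html"
                   or filename.lower().endswith((".htm", ".html")))
        if attached and is_html:
            names.append(filename or "(unnamed)")
    return names

def triage(raw):
    # Decode RFC 2047 encoded-words so an encoded subject cannot dodge the match.
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject = " ".join(subject.lower().split())
    lure = any(s in subject for s in LURE_SUBJECTS)
    files = html_attachments(msg)
    return {"subject_lure": lure, "html_attachments": files, "quarantine": lure and bool(files)}
```

An HTML part that is only the inline body of a message is not counted, so ordinary HTML-formatted mail with an unrelated subject passes through.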
The fact that these types of emails make a comeback each year indicates that the campaigns are highly successful. Scams that don’t generate a profit for the crooks are usually ditched, but the profitable ones keep returning from time to time.
As we’ve seen so far, the most common and successful scam emails are those that pretend to originate from courier companies and airline companies, and, of course, tax-related ones.
The IRS is a US government organization, but that doesn’t mean that only US internet users are targeted by these types of emails.
The names and reputation of tax and revenue agencies from other countries can also be used in scam emails, which means that users worldwide should be on the lookout for any similar plots.