In their latest attempt to spread malware, spammers have started firing out bogus IRS notification emails stating that a recent tax payment was rejected, but the reason why won’t be revealed unless you click the link to view a Microsoft Word Document.
Here’s the email:
From: Internal Revenue Service (alerts[at]irs.gov)
Subject: Rejected Federal Tax transfer
Internal Revenue Service
United States Department of the Treasury
Your Tax payment (ID: [RANDOM NUMBER]), recently from your bank account was returned by the The Electronic Federal Tax Payment System.
Rejected Tax transaction
Tax Transaction ID: [RANDOM NUMBER]
Reason of rejection: See details in the report below
Federal Tax Transaction Report tax_report_[RANDOM NUMBER].doc (Microsoft Word Document)
Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785
Spoiler: there’s no Word document.
In fact, when you click the link, you will be taken to a malicious site housing the Black Hole exploit kit, which will attempt to exploit vulnerabilities in Adobe Reader/Acrobat and Microsoft Windows Help and Support Center to drop malware identified by Microsoft as Worm:Win32/Cridex.E on the victim’s machine.
The attack is carried out silently in the background as the user is presented with a plain looking ‘Page Loading…’ page. Here’s to hoping that users who click the link have antivirus capable of detecting the threat installed on their PC.
What to Do with IRS Spam
If you happen to receive the email above or another IRS phishing email:
- Do NOT click on any embedded links or download any files attached to the email.
- Do NOT respond to the email or provide any confidential information.
- Report the email to the IRS by forwarding it to firstname.lastname@example.org.
- Delete the email immediately.