Scammers posing as IRS use credible emails to threaten victims

A fake IRS email targeting users of Microsoft’s Office 365 is making the rounds

Scammers impersonating the Internal Revenue Service are perfecting the art of fraud, according to a new report.

Continue Reading Below

Scams posing as official IRS communication have been around for years the problem is they become more credible every year, according to research from Abnormal Security, an email security company. The news was first reported by cybersecurity news site Bleeping Computer.

This time, a fake IRS email targeting users of Microsoft’s Office 365 is making the rounds, estimated to have reached as many as 70,000 inboxes, according to a blog summarizing the research.

The fake email claims it has been sent to collect payments. It also threatens to press legal charges.

RANSOMWARE GANG IS RAKING IN TENS OF MILLIONS OF DOLLARS

What makes it more convincing than the usual scam is the attacker’s spoofing technique and language.

An illustration picture shows a projection of binary code around the shadow of a man holding a laptop computer in an office in Warsaw June 24, 2013. (REUTERS/Kacper Pempel) 

The email appears to originate from the “irs.gov” domain, “a credible impersonation of the IRS,” Abnormal Security says.

“Both the spoofed ‘irs.gov’ sender domain and the specific IDs assigned to the recipient give the email a false sense of legitimacy. Additionally, the email creates a sense of authority through its tone and professional language," Abnormal said.

That, combined with urgency – a key component of most legal scams – can cause victims to act rashly and pay off outstanding debts in order to avoid arrest. In this scam, the fraudster claims that they have contacted the person before and that the case has escalated.

TEXTING SCAMS ARE ON THE RISE: REPORT

“This is meant to provoke immediate action, as the recipient may feel they cannot delay their payment any longer,” Abnormal Security said.

The email also contains specific language such as unique account and loan numbers, as well as docket and warrant IDs. “By using seemingly specific information, the attacker strengthens the aura of legitimacy of the attack, increasing the likelihood of the victim engaging,” the report said.

And the language and the grammar – though not perfect -- are more convincing than usual. Less-effective email scams are riddled with language and grammatical mistakes.

There is a giveaway, however, as is the case with all scams.

HOSPITALS INCREASINGLY TARGETED BY RANSOMWARE ATTACKS, REPORT SAYS

A closer look shows the emails' header is actually "shoesbagsall.com."

“Additionally, the reply-to field is a dead giveaway that something is not quite right as it redirects the replies to legal.cc@outlook.com instead of the IRS support mailing address,” according to Bleeping Computer. But not everyone sees these indicators.

Here’s the most important thing to keep in mind to protect yourself: this is not how the IRS operates.

“The IRS will never initiate contact with taxpayers via email about a tax bill, refund or Economic Impact Payments,” according to an advisory from the IRS.

CLICK HERE FOR THE ALL-NEW FOXBUSINESS.COM

“Don't click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information,” the IRS said.