Scammers impersonating the Internal Revenue Service are perfecting the art of fraud, according to a new report.
Scams posing as official IRS communication have been around for years — the problem is they become more credible every year, according to research from Abnormal Security, an email security company. The news was first reported by cybersecurity news site Bleeping Computer.
This time, a fake IRS email targeting users of Microsoft’s Office 365 is making the rounds, estimated to have reached as many as 70,000 inboxes, according to a blog summarizing the research.
The fake email claims it has been sent to collect payments. It also threatens to press legal charges.
What makes it more convincing than the usual scam is the attacker’s spoofing technique and language.
The email appears to originate from the “irs.gov” domain, “a credible impersonation of the IRS,” Abnormal Security says.
“Both the spoofed ‘irs.gov’ sender domain and the specific IDs assigned to the recipient give the email a false sense of legitimacy. Additionally, the email creates a sense of authority through its tone and professional language,” Abnormal said.
That, combined with urgency – a key component of most legal scams – can cause victims to act rashly and pay off outstanding debts in order to avoid arrest. In this scam, the fraudster claims that they have contacted the person before and that the case has escalated.
“This is meant to provoke immediate action, as the recipient may feel they cannot delay their payment any longer,” Abnormal Security said.
The email also contains specific language such as unique account and loan numbers, as well as docket and warrant IDs. “By using seemingly specific information, the attacker strengthens the aura of legitimacy of the attack, increasing the likelihood of the victim engaging,” the report said.
And the language and the grammar – though not perfect – are more convincing than usual. Less-effective email scams are riddled with language and grammatical mistakes.
There is a giveaway, however, as is the case with all scams.
A closer look at the email's header shows the domain is actually "shoesbagsall.com."
“Additionally, the reply-to field is a dead giveaway that something is not quite right as it redirects the replies to firstname.lastname@example.org instead of the IRS support mailing address,” according to Bleeping Computer. But not everyone sees these indicators.
Here’s the most important thing to keep in mind to protect yourself: this is not how the IRS operates.
“The IRS will never initiate contact with taxpayers via email about a tax bill, refund or Economic Impact Payments,” according to an advisory from the IRS.
“Don't click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information,” the IRS said.