Saturday, April 13, 2013

Scam Fake Email from U.S. Treasury

It's tax time. The number of fake scam emails I'm getting that pretend to be coming from the IRS or the U.S. Treasury is astounding. They are ALL fake. These government departments do NOT initiate contact via email! Ever!

The approach the scammer uses below is an effective one - provide so little detail that the user is compelled to click on the attachment just to figure out what the email is about and if it is legitimate. And once they click, it is too late. DO NOT CLICK ON ANY ATTACHMENTS in emails that appear to be from the IRS or other government agencies.

I recommend looking at the "message source" and finding the REPLY-TO address and see what that says. What does it say in this case? Not exactly the U.S. Treasury. I then usually look for another field, to see where the email may have been routed from. But in this case, that didn't help as the scammer was able to hijack using yahoo mail. Probably hacked into someone's account.

Okay, here is what it looks like. It's simple, but it does get people to click on the attachment and that is where the trouble begins for the user. So don't click on any links in these types of email.
From:    U.S Treasury Office (
Sent:    Sat 4/13/13 5:16 PM
Attachments:     1 attachment | Download all as zip (2.0 KB)
    The details.txt (2.0 KB)

Parts of this message have been blocked for your safety.

View the file for your message details.

1 comment:

  1. And just as a reminder - the IRS is not going to email you. The below email is fake and a scam. The link looks legitimate but when you mouse over it (with OUT clicking on it), it actually goes to [don't click in this folks!]

    I am NOT going to click but by the last paragraph one can see the scammer is going to collect all kinds of confidential information on you, probably your social security number, etc. - they use it to build profiles to try then to either log in to people's online banking accounts or try and set up falsified credit cards.

    The real IRS will mail you a letter, not send an email.

    Don't be fooled.

    Subject: e-Service Account Notice
    From: IRS E-Services []

    Our account surveillance have detected some suspicious activities over your account and to maintain the security we have temporarily disabled some functions on your account.

    Possible Reasons:
    Someone was trying to access your account illegitimately
    Using different source to access

    To enable all functions on your account, you required to verify your identity with IRS e-Services by
    Clicking: PROD/CRM/signon.html

    Note: You must provide and answer security questions you have provided us when you registered in order for us to verify your identity, after which normal e-Services activities will continue.

    Internal Revenue Service.
    Copyright © 2015, Internal Revenue Service U.S.A. All rights reserved.
    e-services Privacy Policy