IRS phishing scam targets stimulus payments

Email users are beginning to see the first stages of what is expected to be a major phishing attack capitalizing on the public's eager anticipation of IRS refund checks, as well as the Bush administration's economic stimulus payment distribution, scheduled to begin May 2.

Like other iterations of this scheme, this one has an IRS logo at the top of the message copied directly from the IRS website, according to an entry on the MX Logic IT Security Blog.

Researchers at MX Logic report that the samples they are seeing purport to be from "service@irs.gov" and have a subject line of "2008 Economic Stimulus Refund."

The phish content says something like: "Over 130 million Americans will receive refunds as part of President Bush's program to jumpstart the economy." Or, "Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund," or some variation along these lines.

But by clicking on the link, instead of a payoff, unwary computer users land on a prototypical phishing site, said MX Logic.

Once there, they are prompted to enter their bank routing number and checking account number with the promise that the rebate will be directly deposited into their checking account.

Sam Masiello, director of threat management at MX Logic, told SCMagazineUS.com today that his company expected to see these sorts of scams emerge at this time after last month's deluge of phishing spam in advance of the April 15 tax deadline.

The $168 billion expected to be disbursed via this economic stimulus payment distribution is quite an incentive for cyberthieves preying on email users, said Masiello. He added that the tactic of establishing a sense of urgency to trick end-users may prove to be effective.

In fact, this reporter received two versions of this scheme today (see image) allegedly from "Internal Revenue Service (IRS) <admin@irs.gov>." Fortunately, clicking through on the link is denied by the corporate network protection here.

While there may not be a lot that consumers can do to block these phishing emails from coming into their inboxes, a page on the IRS website offers consumers a way to at least report the receipt of phishing scams. By doing this, the IRS said, it can "...use the information, URLs and links in the suspicious emails you forward to trace the hosting website and alert authorities to help shut down the fraudulent sites."

"This is largely an education issue," said Masiello. "End-users need to be alerted to the fact that the IRS will never communicate via email. The IRS does not know, nor does it care to know, your email address. Getting word out is key."

This is about the time that Masiello expected these scams to start appearing, and this certainly won't be the last of them, he said, especially since the distribution of the stimulus payments is expected to last a couple of months.

And what's to come? Masiello warned that he expects there to be a follow-up to this current tax refund scam. "Be on the lookout for potential scams that try to get people to invest their tax refunds in fraudulent schemes."

Also, he said, other likely possibilities in the near future are the return of stock pump-and-dump scams and a blast advertising retail gift cards that promise extra bonuses.
