May 14, 2008
Email Scam Trying to Spoof IRS
You might find in your inbox an email from the IRS stating that their records indicate that "you are qualified to receive the 2008 Economic Stimulus Refund"... Well, DUH! Wasn't that the whole point of the Stimulus Package? But you know, this automatically raised flags the minute I saw the email in my inbox.
Just so you know what to look for, I checked the header information of the email and it originated from the Romania. When the IRS contracted/outsourced help from the Romania? This email was then processed by a server in the UK...
Received: from [81.144.221.34] (helo=threealbionplace.co.uk) by insmtp12
with esmtp (Exim 4.50) id 1JwTYk-0007hP-J3; Thu, 15 May 2008 03:51:10 +0100
X-PMWin-Version: 3.0.1.0, Antivirus-Engine: 2.73.0, Antivirus-Data: 4.29E
Thread-Topic: 2008 Economic Stimulus Refund. [Scanned]
Received: from User ([193.227.227.37]) by threealbionplace.co.uk with
Microsoft SMTPSVC(6.0.3790.3959); Thu, 15 May 2008 03:50:58 +0100
Later, in the body of the email, it states:
To access Economic Stimulus Refund, please click here :
http://210.11.88.209/_vti_rgl/www.irs.gov/0,,id=96596,00.html
That IP address (210.11.88.209) is owned and operated by the registry folks in Australia and running a Windows IIS Server Application.
UPDATE (2008-06-09):Thanks, Drew. Okay, so forward such phishing emails to phishing@irs.gov.
|
Posted by John Highway at May 14, 2008 11:16 PM |
Comments
My forward to spoof@irs.gov failed guess the IRS has other things to do besides running down people using their good name.
Posted by: stan at May 18, 2008 01:26 PM
I got an IRS phishing email today. I saw your post, and after I did a little research I found that they actually do have an address to forward phishing attempts. it is: phishing@irs.gov
Posted by: drew at June 9, 2008 03:56 PM