Deconstructing an IRS Phishing scam

Here's an example of just one of the many tax related scams criminals are using this year

Phishing with Benjamin

Taxes. Avoiding them is illegal, and paying them is painful. We've all got to do it, and for some, the stress of taxes is no small matter. There's a certain element of apprehension when dealing with the IRS, even when you've done nothing wrong, so being contacted by them is a bit frightening.

Criminals know the type of stress the IRS can cause a taxpayer. They also know that most will immediately pay attention to something from the IRS. Perhaps not out of fear, but curiosity. After all, if you've paid your taxes on time like clockwork, why would the IRS be emailing you?

To be honest, they wouldn't, but consider the email below:

[Click on the image to read it at max resolution]

IRS Phishing Scam image 1

Taken at face value, this email doesn't seem wrong to the untrained eye. However, examine it closely and some things stand out.

1. The message is addressed to "Dear business owner" – Nothing from the IRS would ever be so generically addressed. If they're sending you something, they send it addressed to your first and last name, and in some cases include other identifying details.

2. Contact has originated via email. The IRS doesn't email taxpayers; they send certified letters via the United States Postal Service (USPS).

3. The message points you to a website in order to download a PDF file containing the alleged charges against you - or in this case - your company.

Assuming that you are a business owner, it's important to note that the IRS would never send you a random email attachment or ask you to download something out of the blue.

4. The phone number in the message's closing is a legitimate IRS phone number. However, it isn't the number for the IRS "Fraud Prevention Department," it's the number for the Business and Specialty Tax Line. Should you call it and explain the email, the person on the other end will immediately call this scam out for what it is.

5. The complaints email address isn't valid. The IRS requires that certain forms be completed and delivered to them in order for a complaint to be registered. Any time you get an email form the IRS and suspect that it isn't on the level, send it to and delete the original.

Next: Deconstructing the scam and finding technical evidence

1 2 3 Page 1
Page 1 of 3
7 hot cybersecurity trends (and 2 going cold)