IRS (Internal Revenue Service) spam that leads to phishing sites is in circulation–again! The new spam informs the user that he is eligible for a tax refund, and must fill out a form to avail of the refund.

The link within the spammed email message does not look like an official IRS address: http://{BLOCKED}adoralive.de/images/upload/user/427/stats/awstats/.money/ssl/refund.php.

See image below:

Clicking the link points to the page below:

The page does use the IRS logo and looks nearly similar to the IRS official site, however. This could deceive the more naive Internet user.

Clicking the “Tax Refund Online Form” link leads to a bogus form page which actually phishes for sensitive user information. These spammers-phishers have also been so kind as to include the following reminders:

• For security reasons, we will record your ip-address and date.
• Deliberate wrong inputs are criminally pursued and indicted.

The “refund” angle may be old (see here and here), but apparently it is yet to be exhausted. More inventive techniques have used the agency’s name in asking for contributions to the victims of the California wildfires in early November, serving malware in a complaint form, or using a voice message to deliver the message.

Note that the IRS would never contact anyone using email, as stated in the IRS’s official site. To learn more about phishing attempts of this kind, read the official site’s interesting page dedicated to IRS-related scams.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!