The Content Security (CS) team of TrendLabs has come across a new spear phishing incident that’s reminiscent of the whale phishing incident documented last April, wherein bogus subpoenas were sent to CEOs.

The new spam run involves email messages sent to specific organizations as notices of deficiency or tax petitions supposedly coming from the United States Tax Court (refer to Figure 1).

Figure 1: Sample screenshot of the spammed spear phishing email

Once members of a targeted organization click on the link in the message body, they are directed to the site www.ustax-courts.com—the purported US Tax Court site—and asked to download a higher version of Internet Explorer (IE) onto their system to further view court details (see Figure 2). By string manipulation (in this case, adding a dash to the actual domain name of the actual site), unknowing users are easily made to believe that the bogus site is legitimate, making them most likely to click on the link.

The legitimate US Tax Court site is www.ustaxcourt.gov.

Figure 2: Sample screenshot of the bogus US Tax Court Web site

Trend Micro advises users to be cautious in viewing emails and warns against clicking automatically on given links within these messages. As we have advised before, consult with lawyers in case important-looking emails may be valid. But in this case, the concerned Court has declared that it does not send email notices to those with cases before it: