Tuesday, March 27, 2012

Fake IRS Income Tax Appeal Rejection Notice

Fake IRS Income Tax Appeal Rejection Notice

Your income tax appeal has been declined!

Unsuspecting users who receive this fake notification via email telling them that their income tax appeal has been rejected are being lured into opening and executing malicious email attachments.

The cyber criminals are using scare tactics together with legitimate-looking rejection email notifications:

Sample message below:

Dear Chief Account Officer,

Hereby you are notified that your Income Tax Refund Appeal id# has been REJECTED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service
Telephone Assistance for Businesses:
Toll-Free, 1-800-829-4933
Hours of Operation: Monday Friday, 7:00 a.m. 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).

The attachment is an html file containing an obfuscated malicious script.

Successfully deobfuscating the script yields an embedded IFrame which connects to a remote host:

The hidden IFrame has been seen to connect to these URLs:


We advise our readers to beware when opening email attachments like these.

Ensure that the latest security patches and updates are applied to your computer, and keep your security software up-to-date.

No comments:

Post a Comment