Scammers Impersonating The IRS Threaten Victims With Legal Action

Aggressive scammers are impersonating the U.S. Internal Revenue Service (IRS) in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments.

The phishing emails target users of Microsoft’s Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security.

There is a high chance that at least some of the targets will give in and pay the fraudsters seeing that the scammers threaten them with Credit Bureau reports and legal action.

Spoofed IRS emails

“The attacker impersonates the IRS, crafting a seemingly credible email threatening to press legal charges unless the recipient settles an outstanding account balance,” the Abnormal Security researchers revealed.

To make it as convincing as possible, the fraudsters spoof the email address the scam messages appear to originate from to make it look like they were sent from [email protected].

They are also using case ID numbers, docket numbers, and warrant IDs throughout the emails, as well as what looks as virtually error-free English content on a quick skim to add to the legitimacy illusion.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

Despite this, it would be obvious that this is a scam to anyone looking at the emails’ headers and seeing that the real sending domain is actually shoesbagsall.com.

Additionally, the reply-to field is a dead giveaway that something is not quite right as it redirects the replies to [email protected] instead of the IRS support mailing address.

Legal charges, arrest warrants, and final warnings

To further intimidate and send their victims into panic mode, the scammers resort to legal threats and even add the possibility of an eventual arrest right from the start of the emails whose titles include a “warrant for your arrest” warning.

For added effect, the recipients are also told that the emails will also be forwarded to their employer so that their made-up outstanding amounts will be legally withheld out of their wages.

“We have sent you this warning notification about legal proceedings in May 2019. But you failed to respond on time,” the messages say. “This time, if you fail to respond then we will register this case in court. Consider this as a Final Warning.”

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

“Please let us know what your intention is by today itself so we can hold the case or else we will submit the paperwork to your Local Sheriff Department and you will be served with a court summons at your door step.”

The emails also instruct the targets to immediately reply with payment details to avoid having their credit ruined.

“IRS email impersonations are widespread across all industries,” the researchers concluded. “These attacks vary in scale and victim, targeting both individuals and companies as a whole.”

“This particular attack follows the growing trend of utilizing social engineering strategies for malicious engagement, allowing attackers to more easily bypass email security solutions that focus mostly on obvious threat vectors such as links or attachments.”