Hackers are Harassing US Citizens via Spoofed IRS Emails

Security researchers recently warned about a new trend among scammers , who tend to impersonate the IRS and warn people about ‘outstanding amount’ that they need to pay under a threat of legal action.

The US IRS is known for being quite ruthless towards those who do not play by the rules, which is why law-abiding citizens are doing everything in their power to respect the laws and do their part in contributing to society. This is why thousands of Americans were quite negatively surprised when the Internal Revenue Service started contacting them recently, and threatening with legal charges.

Fortunately, it was uncovered that these threats of taking legal action against them did not come from the real IRS. Unfortunately, however, it was all a part of a hacking campaign , where hackers/scammers attempted to trick people into giving them money.

According to a recent report by a security company called Abnormal Security, scammers attempted to impersonate the IRS and target already intimidated US citizens.

They contacted their victims via email, demanding that people pay up, or face legal charges. It was all a consequence of a phishing scam that was originally noticed earlier this year, in April.

Scammers have managed to fabricate massive tax amounts related to some missing or late payments and force people to pay their alleged debts. The method seems to have been quite successful, as hackers started widening their scope ever since.

Researchers estimated that hackers managed to reach almost 70,000 people by targeting their Microsoft Office 365 accounts. So far, it remains unknown if anyone fell for the trick and made a payment, although the numbers alone suggest that a number of people must have reacted to the scam.

According to researchers, spoofing the IRS is quite a popular choice among hackers. The IRS enjoys a strong reputation and authority, and people typically do not question emails that they receive directly from the tax authority.

Of course, there are other aspects that quickly reveal that the emails are not real, such as poor English and grammar, as hackers tend to quickly form these warnings without caring too much about the details.

This time, however, hackers’ technique was more sophisticated than usual. Researchers revealed that the emails seem to have come from support@irs.gov, which hackers used to add more legitimacy to the email. In addition, they also used warrant ID, case ID, docket number, and their English was rather accurate and error-free.

Still, a thorough inspection does reveal clues that these emails are fake, as they originate from the shoesbagsall.com domain. Furthermore, if anyone attempted to reply to the email they received, the response would be directed to “legal.cc@outlook.com,” instead of the IRS’ address.

Abnormal Security noted that hackers truly did put a lot of effort into the scam this time, but ultimately, it is still relatively easy to confirm that the emails are not real.

As mentioned, hackers attempted to trick people they were targeting with claims that they owe an ‘outstanding amount’ that needs to be paid as soon as possible, otherwise they would take legal action.

Not only that, but they even threatened with strong legal language, such as ‘warrant for your arrest,’ and alike, which would likely force people into a state of panic, and reduce the likelihood that they would inspect the emails for errors and inconsistencies.

The threats continued, and scammers promised to notify the victims’ employers of their ‘outstanding’ debt and withheld the money from their salaries, inform the credit bureau, and more.

Similar threats said that failure to pay would result in contacting local sheriff departments, issuing court orders, and alike. Finally, hackers ‘politely’ requested that the victim informs them of their intentions by the end of the day, so that they would know whether to ‘hold the case’ or submit the paperwork to the local sheriff department and serve them a court summons.

Researchers noted that this use of official language helped confuse the victims, but it also allowed hackers to bypass security systems that typically block spam and phishing attacks.