


Tax season is always ripe with attacks, ranging from the simple to the sophisticated. This particular attack showcases a truly well-crafted and deceptive phishing email that exploits a form used by immigrants. The email, which was missed by ATP but caught by Avanan, spoofs a standard IRS email address to look more legitimate.

As a reminder, the IRS will never email or call first. They will only initiate correspondence via postal mail.

End-users have been trained to inspect the sender address. When a person checks the sender address and sees what looks like an IRS email address, they may feel relieved and start trusting the email. Notice when you mouse over the sender address it has an irs.gov address:

There are a few interesting things of note here. The “From” address is made to look legitimate, but further analysis shows that the actual sender is a domain from Indonesia. Throughout, there are non-ASCII characters to confuse natural language AI. In this snippet, you can see that they claim that, after you send in the first form, they will send you a W9095. This form does not exist, and has been used in past IRS-related phishing schemes. Additionally, the whole document has a sense of urgency to it (which is phishing 101), even asking the user to fax the completed document to the provided fax number. There are also a number of grammatical errors throughout.

The text in the body of the email has been around for a few years in various different versions, but what makes this email unique is the attachment. This is what the attachment looks like:

This form is legitimate, but it's not actually filed with the IRS.
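A defender can check for two of the traits described above, a trusted-looking "From" domain that does not match the real sending domain and non-ASCII characters mixed into ordinary words, with a short script. This is an added example, not Avanan's detection logic; it assumes the real sender is visible in the `Return-Path` header and that the non-ASCII characters are look-alike letters, and the sample message and its domains are constructed placeholders.

```python
import email
import re
import unicodedata
from email import policy
from email.utils import parseaddr

# Constructed sample, not the message from the article; domains are placeholders.
# \u043e and \u0430 are Cyrillic letters that render like Latin "o" and "a".
SAMPLE = (
    "Return-Path: <bounce@mailer.example.co.id>\r\n"
    "From: IRS Online <support@irs.gov>\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "Content-Transfer-Encoding: 8bit\r\n"
    "\r\n"
    "Please c\u043emplete the att\u0430ched form and fax it today.\r\n"
).encode("utf-8")


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_mismatch(msg):
    """True when the displayed From domain is unrelated to the Return-Path domain."""
    shown = domain_of(str(msg.get("From", "")))
    actual = domain_of(str(msg.get("Return-Path", "")))
    if not shown or not actual:
        return False
    # A signal, not a verdict: bulk-mail providers also use a different Return-Path.
    return not (actual == shown or actual.endswith("." + shown) or shown.endswith("." + actual))


def mixed_script_words(text):
    """Words whose letters come from more than one Unicode script."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word}
        if len(scripts) > 1:
            hits.append(word)
    return hits


def analyze(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {"sender_mismatch": sender_mismatch(msg),
            "mixed_script_words": mixed_script_words(msg.get_content())}
```

Either signal alone is weak; together with an IRS-branded "From" address they are a reasonable trigger for quarantine or manual review.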
