Malware attack claims the IRS has rejected your tax appeal


Computer users are finding a message in their email inbox which isn't all that it seems.

The messages appear to come from the IRS, and claim that the recipient's tax refund appeal has been rejected.

Here's a typical message:


Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Subject lines used by the emails include:

Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.

Of course, the attached HTML file is malicious and you should not open it. Sophos detects it as Mal/Iframe-AE.
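An added example (not from the original post or from Sophos): a Python triage check that flags a message only when its subject matches one of the lines listed above and it also carries an HTML attachment. The sample message, the `example.invalid` addresses and the attachment name `appeal.html` are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article, lower-cased, trailing period dropped.
CAMPAIGN_SUBJECTS = {
    "rejection of your tax appeal",
    "your tax return appeal is declined",
    "irs notification of your tax appeal status",
}

def html_attachments(msg):
    """Names of attached parts that are HTML by MIME type or file extension."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".html", ".htm")):
            found.append(name or "<unnamed>")
    return found

def triage(raw_bytes):
    """Quarantine only when both indicators from the article are present."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded subjects; collapse whitespace too.
    subject = " ".join(str(msg["Subject"] or "").split()).lower().rstrip(".")
    reasons = []
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("subject matches campaign")
    attached = html_attachments(msg)
    if attached:
        reasons.append("HTML attachment: " + ", ".join(attached))
    return {"quarantine": len(reasons) == 2, "reasons": reasons}

def build_sample(subject, with_html):
    """Constructed test message; addresses and file name are placeholders."""
    m = EmailMessage()
    m["From"] = "Internal Revenue Service <notice@example.invalid>"
    m["To"] = "owner@example.invalid"
    m["Subject"] = subject
    m.set_content("Dear Business owner, ...")
    if with_html:
        m.add_attachment("<html><body>placeholder</body></html>",
                         subtype="html", filename="appeal.html")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Your tax return appeal is declined.", True)))
```

Requiring both indicators keeps legitimate mail with HTML attachments out of quarantine, while each single match is still recorded in `reasons` for review.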

There's nothing new, of course, about criminals spamming out malicious emails posing as the tax office. But the fact that it keeps happening suggests that it's a very effective method for duping the unwary into infection.

Make sure you keep your anti-virus protection up-to-date and your wits about you.


One Response to Malware attack claims the IRS has rejected your tax appeal

  1. MikeP · 1295 days ago

    It's easy to spot if you're not a US citizen! I've had this and similar emails but as I live in the UK they get junked PDQ!


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley