Malware attack claims the IRS has rejected your tax appeal

Malware attack claims the IRS has rejected your tax appeal

Computer users are finding a message in their email inbox which isn’t all that it seems.

The messages appear to come from the IRS, and claim that the recipient’s tax refund appeal has been rejected.

Here’s a typical message:

IRS spam. Click for larger version

Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Subject lines used by the emails include:

Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.

Of course, the attached HTML file is malicious and you should not open it. Sophos detects it as Mal/Iframe-AE.

There's nothing new, of course, about criminals spamming out malicious emails posing as the tax office. But the fact that it keeps happening suggests that it's a very effective method for duping the unwary into infection.

Make sure you keep your anti-virus protection up-to-date and your wits about you.