Look Who is Taking Advantage of the IRS Deadline
The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Under these offers, taxpayers can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will scrutinize only a limited number of past tax years, apply lower penalties, and forgo criminal prosecution. Legitimate FAQs on the settlement offered by the IRS can be found here, with additional information found here.
Spammers are using this deadline to expand their network by launching malicious attacks and sending fake IRS email notifications to recipients. These emails do not mention the deadline, but they explicitly describe the issue as “Unreported/Underreported income.” Users might panic over the subject line “Notice of Underreported income” and download the executable “tax-statement.exe,” which Symantec antivirus detects as Downloader.
Users are redirected to a malicious IRS look-alike site if they click the URL inside these emails. Here, users are requested to review their tax statement and indirectly coerced to “download and execute” the statement. Needless to say, if users follow these instructions, their machines will be infected.
The IRS has excellent phishing-related tips, which can be found here, to help users avoid falling victim to these traps. All financial institutions provide similar instructions to help their customers ward off phishing attempts. This is not the first phishing attempt on the IRS; however, Symantec will be actively watching for similar phishing attacks during the following weeks.
Note: Thanks to Paresh Joshi for the contributed content