The Anatomy of a Scam: Fake IRS Messages

May 24, 2018

In many ways, online “phishing” scams have hardly changed since the early 1990’s, when attackers would “fish” for account information of people using American Online. Scammers still use the same basic social engineering methods to steal financial information today.

Why Do People Still Fall for Online Scams?

At Black Hat 2017, Karla Burnett, a security engineer from Stripe discussed the psychology of phishing and why people still seem vulnerable to these deceptions. Burnett mentioned Daniel Kahneman’s theory of the conscious mind having two modes of thinking: System 1 (fast and instinctive) and System 2 (slow, deliberate, and rational). Regardless of someone’s level of technical knowledge, the System 1 mode of thinking can make anyone a victim of a legitimate-looking deception. Rarely does anyone put System 2 thinking to work during mundane activities like browsing through an email inbox.

IRS Scam Breakdown

Burnett’s claim makes sense given the surge in IRS phishing attempts. In December 2017, the IRS posted an alert that notified taxpayers about new email scams. You can learn to recognize this type of fraud by checking the example below.

1.

The from field shows an inconsistency between the sender’s name and the actual email address. You should ask yourself if the sender’s email address looks familiar. Do you normally communicate with this person? Did this “important” message come from a total stranger?

2.

The date field can also help determine a message’s legitimacy. Did someone send it during regular business hours or at an unusual time?

3.

The subject field in this example looks suspicious too. Anyone who wrote “Important Message” as the subject would normally also provide further context.

4.

The message content often contains basic spelling and grammatical mistakes intended to help these scams slip through spam keyword filters.

5.

Watch out for hyperlinks or attachments in the message. When hovering over a hyperlink, does it point to the official IRS site? Does the website’s address look extremely long?

To learn more about common IRS scam tactics and other types of tax fraud, just open this link: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/what-you-need-to-know-about-tax-scams

Trend Micro™ Fraud Buster can also check all sorts of messages and warn you about any suspicious content!