Tuesday, December 2, 2008

New or rather an Old email scam hitting in-boxes once again

So our office received an interesting e-mail this morning telling the recipient that they are due a rebate from the IRS and that they should log in to claim the money. Let me post the e-mail for you.


After the last annual calculations of your fiscal activity
we have determined that you are eligible to receive
a tax refund under section 501(c) (3)of the
Internal Revenue Code. Tax refund value is $189.60.
Please submit the tax refund request and allow us 6-9 days
in order to IWP the data received.
If u don't receive your refund within 9 business
days from the original IRS mailing date shown,
you can start a refund trace online.

If you distribute funds to other organization, your records must show wether
they are exempt under section 497 (c) (15). In cases where the recipient org.
is not exempt under section 497 (c) (15), you must have evidence the funds will
be used for section 497 (c) (15) purposes.

If you distribute fund to individuals, you should keep case histories showing
the recipient's name and address; the purpose of the award; the maner of
section; and the realtionship of the recipient to any of your officers, directors,
trustees, members, or major contributors.

To access the form for your tax refund, please click here

This notification has been sent by the Internal Revenue Service,
a bureau of the Department of the Treasury.

Sincerely Yours,
John Stewart
Director, Exempt. Organization
Rulings and Agreements Letter
Internal Revenue Service

I have removed the link that was in the e-mail originally as I don't want anyone to click on it.

This e-mail showed up like this in the inbox:

From: Internal Revenue Service

Except I have set our e-mail up to show the Source Address, which made it show up like this:

From: Internal Revenue Service [mailto:service@***-***.com]

(I removed the real website address - I will explain why below)

Now I don't like to point fingers here, but in an effort to keep everyone from sending e-mails to this address, let's figure out who it is. Or at least who it isn't.

I ran a whois query on the domain that was listed as the sender and got information that showed my suspicion of this email to have been justified. I am sure of one thing, and that is who it is not.

Do I think this is who is responsible for the scam that is being run here? Would you think it was?
I don't think it is. I think someone got into the e-mail database and gave themselves an e-mail address from that server so they could use an address that looked better than IRSGUY @ Hotmail.com.

Why do I think that?

When I look at (and I have a habit of doing so a lot) the source code of the link in the e-mail, I see that it is pointing at another website altogether.

It is pointing to (http://www.*********.com/refund/login.html) (I broke that link too so don't click it)

That website is also not associated with the Treasury or the IRS. Point of the story? Even though many of us are money hungry and looking at our stacking bills and thinking about Santa and the list of items he has to provide this year - don't let some scam artist separate you from your money or identity. Check everything.

Take no link at its cover value - remember "Don't judge a book by its cover"?
Apply the same principle to the links you get in your e-mails and the ones you find on the web.
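
The two checks described above (the real sender address behind the display name, and the real destination behind "click here") can be scripted. The following is an added example, not part of the original post; the sample message is constructed, and its domains are placeholders because the post redacted the real ones. The `claimed_domain` default assumes the organization named in the display name is the IRS at irs.gov.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; sender.example and landing.example are placeholders.
SAMPLE = """\
From: Internal Revenue Service <service@sender.example>
Content-Type: text/html; charset="utf-8"

<p>To access the form for your tax refund, please
<a href="http://www.landing.example/refund/login.html">click here</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def within(host, domain):
    # True if host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def inspect(raw, claimed_domain="irs.gov"):
    """Return findings where the displayed identity and the real targets disagree."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    sender_domain = addr.rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    if not within(sender_domain, claimed_domain):
        findings.append(f"sender {addr!r} is not at {claimed_domain} (display name: {display!r})")
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not within(host, claimed_domain):
            findings.append(f"link {text!r} goes to {host}")
        if not within(host, sender_domain):
            findings.append(f"link host {host} differs from sender domain {sender_domain}")
    return findings
```

Calling `inspect(SAMPLE)` returns one finding for the sender address and two for the link, matching what the post found by hand: the sender is not the IRS, and the link points at a third site that is neither the IRS nor the sender's domain.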