Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share





IRS 'Invalid File Alert' Malware Email

Outline
Email purporting to be from the IRS claims that errors have been found in files electronically submitted by the recipient.

Tax sign

© Depositphotos.com/ Pixelery.com



Brief Analysis
The email is not from the IRS. Links in the email open websites that harbour malware.

Bookmark and Share
Example

Subject: Invalid File Email Alert

9/30/2013

Valued Transmitter,

We received your electronic file(s) of information returns; but, the file(s) contained errors. As of the date of this email, we have not received a good replacement file. If we do not receive the replacement file within the accentuated time from your transmission, late filing penalty may be applied. For further clarification on sending a timely filed replacement, please see Publication 1220, Part B, Section 5.01. The following is a list of your bad file(s) that need to be replaced:

Filename        # of Times
Email HasBeen Sent  Tax
Year
ORIG.64X07.5975     3          2012

If you did not know your file contained errors, the results are posted on the FIRE (Filing Information Returns Electronically) System within two business days of your transmission. It is your engagement to check your filing results. To view your file results click at Show Filing Errors.

If you have sent an emended file that you think replaces the above file(s) or if you are uncertain how to resolve the errors in your file(s), please contact the IRS/Information Returns Branch: Use our ticket system;

IRS Malware Email


Detailed Analysis


According to this email, which purports to be from US tax agency, the IRS, files submitted electronically by the 'Valued Transmitter" were found to contain errors. The message warns that if replacement files are not submitted within the "accentuated time", late filing penalties may be applied.

The email includes a "Show Filing Errors" link that supposedly allows the recipient to view the errors and submit replacement files. The message also notes that if the recipient has already submitted an "emended file" or needs further help, he or she can click a second link to submit a support ticket.

However, the email is not from the IRS and the claim that the recipient must submit new files is false. Both links in the email lead to compromised websites that harbour various types of malware. This malware may steal sensitive information from the infected computer, make connections with servers controlled by criminals, and download further malware.

The scammers try to trick users into believing that they will be in trouble with the IRS if they do not act quickly. Thus panicked into action, at least a few recipients will click the links and download the malware.

Criminals regularly use fake tax notification emails as a method of tricking people into downloading malware. Phishing scam versions of the tactic are commonly used to trick people into divulging personal and financial data via the false promise of an unexpected tax refund.

The bizarre grammar in the message is enough by itself to identify it as fraudulent.  Moreover, the IRS will never request sensitive information from taxpayers via unsolicited emails. The IRS states on its website:

Please note that the IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Regardless of where you live in the world, be wary of unsolicited emails or text messages purporting to be from your country's tax department that promise a refund or ask you to submit personal information.

Bookmark and Share

Last updated: October 1, 2013
First published: October 1, 2013
By Brett M. Christensen
About Hoax-Slayer

References
IRS 'Unable To Process Your Tax Return' Malware Email
ATO Tax Refund Malware Emails
IRS Tax Refund Phishing Scam
Problem Alerts