Phishing Alert: Rejected Federal Tax Payment Scam
The phishing email’s “From” and “To” address fields are the same. Had this truly originated from the EFTPS the sender’s email address would have stemmed from the official eftps.gov domain. In addition, using a *@eftps.gov email address also raises an alert since the EFTPS website clearly states that:
“We value your privacy and security and will never contact you via e-mail. If you receive an e-mail that claims to be from the EFTPS® tax payment service or from a sender you do not recognize that claims to have information about a payment scheduled through this service, forward the e-mail to [email protected] or call the Treasury Inspector General for Tax Administration at 1.800.366.4484.”
Lastly, the phishing email contains an external link of the supposed report by the file name “report_716143.pdf.exe.” A quick scan of this .exe file on the VirusTotal website classifies it as a Trojan.PWS.Panda.655.
A look at the phishing email’s header information details the transfer of the email between the sender and the recipient (see image 02). A separate article on the analysis of the email header will follow shortly.
These fraudulent emails should be deleted immediately. This is only one example of a phishing email designed to steal personal information, which could lead to identity theft or the breach of a corporate network.