A new IRS related scam is hitting mailboxes across the globe thanks to a botnet that is sending upwards of 90,000 messages per hour. The scam, which starts with a notice of unreported income, attempts to trick victims into downloading and installing a malicious executable.
IRS scam making rounds – yet another Cutwail creation.(IMG: J. Anderson)
In July, a TRACElabs report said that 75-percent of the world’s spam can be tracked to just five botnets. The largest, Rustock, sends as much as 40-percent of the global spam on its own. However, the Cutwail botnet is the second largest spam sending botnet online. The Cutwail botnet has been blamed for about 20-percent of all spam online, and despite the closure of Real Host in early August, where Cutwail related spam dropped by almost 90-percent, the botnet has made a comeback and launched a new targeted campaign.
“Earlier this morning our Threat Operations Center noticed a new spam campaign originating from the Cutwail botnet that is sending out emails spoofing the IRS. We are currently observing traffic averaging about 90,000 messages per hour using this tactic,” said email security vendor MX Logic.
The email looks as if it comes from no-reply@irs.gov, and warns users that they need to review a tax statement on the IRS website. The overall theme is that the user was caught hiding income from the IRS and they have a chance to fix it. The catch is that they will first need to download and install an EXE file that is reported to be their most recent return. The file, as expected, is malicious.
Just last month, the IRS issued a consumer alert over a rash of tax related scams, including making work pay refunds, inheritance related scams, lotto scams, and consignment scams. In another scam, which arrived in email, a legitimate IRS form, w-8BEN, was modified to request personal and financial information.
While in some cases the IRS could have your email address, the tax agency once again urges people to remember that, “The IRS does not request detailed personal information through e-mail.” Moreover, the IRS would not, “send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”
The IRS says that anyone who gets the latest tax related scam should forward the suspicious e-mail or URL address to phishing@irs.gov, and then delete the e-mail from your inbox.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story