A Credible Threat: Fake IRS Emails Target Microsoft 365 Users
Microsoft 365 users are being targeted yet again by a new phishing campaign – Fake IRS emails. A cybersecurity report by a well-known computer support and security company estimates that as many as 70,000 Microsoft Office 365 users have received emails from scammers impersonating the Internal Revenue Service.
A Harder Scam to Spot
While often these email scams are easy to spot, this one has a higher level of sophistication. These emails appear to be a credible impersonation of the IRS: not only does the scammer use a spoofing technique where the email appears to originate from the “irs.gov” sender domain, but the body of the information uses professional language, as well as specific “data” such as account numbers and case numbers to provide an aura of legitimacy and increasing the likelihood that the targets will engage.
Additionally, these emails try to intimidate potential victims by threatening to press legal charges and, in some cases, even arrest. These types of threats create a sense of urgency and may cause victims to act impulsively. Remember: the IRS will never initiate contact with taxpayers via email, text message or social media channels! The IRS’s Identity Theft Central resource includes detailed information on contact policies and spotting scams.
The Stakes Are High
Per the IRS, thousands of people have lost millions of dollars and their personal information to tax scams – Don’t be one of them! If you receive one of these threats, do not open it or click on any of the links.
How to Spot a Scam
- Look at the email header of the sender – A closer look at this fake IRS email reveals that the email header is actually “shoesbagsall.com.”
- Check the ‘reply to’ email address – Another giveaway that the email is a scam is the “reply-to” email address redirects replies to “email@example.com.”
- Watch out for language and grammatical errors – As noted above, the language and grammar in this fake email are much more convincing than a usual scamming attempt, however, it is not perfect, and certain grammatical errors should raise red flags.
- Don’t rely on email alone – Double-check all email and text requests with a quick phone call to your trusted CPA or even a call to the IRS.
Where to Get Help
The Barnes Dennig Technology Team is here for you! Contact us to learn more about tax scams, discuss data security, and how you can best protect your personal and professional assets and information. We’re here to help.