Spear Phishing and Taxes

A co-worker of mine recently received the following spear phishing message. It was more sophisticated - or at least, far less crudely constructed than many, and included details appropriate to his actual employment.

The phone number was the individual's employer's main switchboard, and it was sent to a work email address that he uses for notification from the IRS. Forms are referenced, and document numbers that look like official government numbers are included. A perceptive user should notice that the URL is from a .com address, and of course, the headers clearly showed that the email was not from a government system.

As is common in such email, there is a threat included to make reply more likely - in this case, a bill will be sent by the government.

Department of the Treasury Date of this Notice: May 23 2008
Internal Revenue Service Letter Number 531(DO)
District Director Form: 1040

XXXXXXXX YYYYYYYY
EMPLOYER NAME
(999) 999-9999
-NOTICE OF DEFICIENCY-
Dear XXXXXXX YYYYYYY,
We have determined that you owe additional tax and other amounts, or both, for the tax year(s) identified above. This letter is your NOTICE OF DEFICIENCY, as required by law. The enclosed statement shows how we figured the deficiency. If you want to contest this determination in court before making any payment, you have 90 days from the date of this letter (150 days if addressed outside the United States) to file a petition with the United States Tax Court for a redetermination of the deficiency.

link to (www.tax-revenue.com) removed

If you decide not to sign and return the waiver, and you do not file a petition with the Tax Court within the time limit, the law requires us to assess and bill you for the deficiency after 90 days from the date of this letter (150 days if this letter is addressed to you outside the United States).

Thank you for your cooperation.
Sincerely yours,
Charles O. Rossotti
Commissioner by
Roger K. Burgess CR
District Director
Letter 531(DO)(Rev.9-96)