
Fake IRS Phishing Emails Pose Risk for Small Businesses

If you own a business or make a high income, you pay your quarterly taxes by electronic transfer through EFTPS or by going to the bank and submitting a tax payment for transfer. Either way, criminals are now targeting you by sending emails that look very much like an IRS notice. These emails target users of the Electronic Federal Tax Payment System (EFTPS).

EFTPS is a tax payment system provided free by the U.S. Department of Treasury that allows you to pay federal taxes electronically via the Internet or phone 24/7.

This phishing has been going on for about three weeks. I have received multiple emails targeting only my specific business email and personal email that are used for business. I notified the IRS and they recently came out with a warning that there is a large-scale attack on EFTPS users. If you received one, please forward it to the IRS at phishing@irs.gov.

These emails are extremely well done and look just like a real IRS notice. The main issue is that all these emails are using a .GOV address, which is restricted only to US Government sites. As a result, they look legitimate to a lot of people and give them a sense of security.

DO NOT CLICK ON ANY LINKS EVEN IF IT’S A GOVERNMENT LINK.

These emails had subject headings beginning with “Your Federal Tax Payment” and said an electronic transfer had been rejected because of an invalid corporate identification number. This is obviously targeting mostly small businesses. The e-mails contain links to the real US government web page that collects tax payment information including bank account numbers.

This is what the email that I received looks like.

What happens after someone at a small business clicks on the IRS link is that the computer is taken through a series of sites in seconds. During this extremely short time, the computer is infected with the Zeus trojan. This trojan enables criminals to get real-time information about your account as you are entering the information.

While you are putting in your password and codes, you see everything on the screen exactly as you would for your bank account or the IRS site. However, in the background, the hackers are actually inputting your information themselves as you type it. Once you log out, the criminals then go in and strip your account of all the money immediately.

The Zeus trojan is widely sold on underground forums very cheaply. It is highly customizable for hackers.

I had notified all my clients at the beginning of this year about this particular trojan after the McAfee 2010 report came out. Several people have seen their phishing email attacks changed to this format of a real bank link.

It’s not fashionable these days to work offline, but I highly recommend it whenever you see any emails that are from your bank or from a government agency that handles money. Make the effort and call those companies or agencies directly via the phone.

Yes, you will waste a lot of time being on hold. Yes, you will take days to get through to a live human who can answer your questions.

The alternative to making that effort to connect with a real person is to lose all the money you have in your accounts because you didn’t want to waste some time.

Please help protect your friends and neighbors by passing along this warning about the latest phishing scam, especially if they own a business.

© 2010 MoneyandRisk.com all rights reserved

photo credit: Vitor Antunes


Kim is a typical woman business owner wearing multiple hats while juggling crazy family dynamics. She is passionate about causes for children and seniors. She's terribly opinionated but cares deeply about helping women.
