The Tax Man is Coming, So Are The Scammers


Thought Leadership

The Tax Man is Coming, So Are The Scammers

Teresa Zwierzchowski

April 15th is right around the corner, and the scammers are out in full force pulling out all their tax-time tricks in hopes of getting their own return.

Back in December, AppRiver security specialist alerted us to IRS-themed emails that contained a link to a compromised website. Once that website link was clicked, it began to download the Emotet Trojan loader. (READ MORE ON THAT HERE)

(I don't think we need to remind you how dangerous Emotet campaigns can be, but if you need a refresher: CLICK HERE.)

As we get closer to the deadline, the scammers are pulling out all the stops.

AppRiver email protection filters have been working overtime to stop fraudulent IRS emails from finding their way to your inbox.

The most recent examples of what they are catching involves a sordid tale of Business Email Compromise (BEC) phishing.


It starts out simple enough, an email drops in your inbox - allegedly from the IRS claiming you have an urgent voicemail. It includes a link to the voice message.

Don't. Even. Think. Of. Clicking. That. Link.

Because this is far from a simple voice mail from the IRS, it is a credential harvesting scam that could cause more headaches than an IRS audit.

Upon examining emails similar to the example above, AppRiver security specialists found the malicious messages were sent from compromised users and the link within the emails lead to a fake credential harvesting site.


According to, the IRS does not send out unsolicited e-mails to taxpayers about their accounts. They warn if you do receive an unsolicited email claiming to be from the IRS you should not reply to the message, not to click any link within the message and never give out your personal or financial information.

The site also advises that if you receive such an email to report it to