Alert: "IRS" Scam Email Links to Malicious Code

'Tis the Season (for IRS Email Spam)

With the beginning of tax season, we're starting to see an uptick in fake IRS spam email. We are currently blocking a big IRS email scam with the subject "Complaint against your company" that links to malicious code on a hacked WordPress or other site.

Thousands of these hit within minutes and we blocked all of them, even the very first one, with our financial phishing filter. If you saw some of these, notify your antispam provider and warn users not to click the link.

About this "IRS" Scam

Despite some bad grammar and spelling, most of the information in the email looks legit, including the IRS logo, email address and toll-free number. However, the urgent subject line and message (warning about a tax evasion complaint against your company) are designed to trick victims into clicking on a dangerous link.

The link looks like it goes to the IRS website, but actually goes to malicious code on a WordPress (or other) website that's been hacked into by the scammer.

Here's what the email looks like:

[Image: IRS scam email. Caption: This dangerous fake IRS email links to malicious code.]

How We Blocked this Financial Scam

To block emails like this from the very first one, we've designed a "Financial Phishing Filter" that distinguishes real from fake emails claiming to come from banks, the IRS, PayPal, eBay and other organizations that are often impersonated in phishing scams. This filter analyzes the validity of the headers, and particularly the sending IP address, of emails purporting to be from those entities.

According to Ted Green, co-developer of SpamStopsHere:

"Using SPF and our own databases of the IPs such organizations use for legitimate emails, we can determine with exceptional accuracy which are legitimate and which are fake. All this is done with less than a few seconds of delay to the email."

The financial filter detects and blocks emails like these instantly, and then our professional spam reviewers analyze them for additional features that we can block. In this case we added some phrase filters in case a future variant gets past the financial filter, which is unlikely.
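One way to implement the sender-IP check described above, as an added example (not SpamStopsHere's code): it evaluates the ip4/ip6 terms of an SPF record and cross-checks a curated list of sender networks. The domain irs.example, the networks, the verdict names and both function names are assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed data: documentation-range networks stand in for a real
# organization's published SPF record and a curated sender-IP database.
SPF_RECORDS = {"irs.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all"}
KNOWN_SENDER_NETS = {"irs.example": ["192.0.2.0/24"]}

def spf_ip_check(record, ip):
    """Evaluate only the ip4/ip6 and 'all' mechanisms of an SPF record."""
    addr = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if addr.version == net.version and addr in net:
                return results[qualifier]
        elif mech == "all":
            return results[qualifier]
    return "neutral"                         # no mechanism matched

def classify(raw_message, sending_ip):
    """Verdict for a message whose From header claims a protected domain.

    Simplification (assumption): keyed on the header From domain; SPF as
    specified in RFC 7208 is evaluated against the envelope sender.
    """
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in SPF_RECORDS:
        return "not-protected-domain"
    spf = spf_ip_check(SPF_RECORDS[domain], sending_ip)
    addr = ipaddress.ip_address(sending_ip)
    known = any(addr in ipaddress.ip_network(n) for n in KNOWN_SENDER_NETS[domain])
    if spf == "pass" and known:
        return "legitimate"
    if spf == "pass":
        return "review"   # SPF passes, but the IP is not in the curated list
    return "block"

SAMPLE = (  # constructed message using the subject line quoted in this alert
    "From: IRS <complaints@irs.example>\n"
    "Subject: Complaint against your company\n"
    "\n"
    "See the complaint at the link below.\n"
)
```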

We made it one of our top priorities in 2014 to block financial phishing scams as their frequency exploded. According to Ted Green:

"We now block more than 99.9% of the English language financial scams, with a false positive rate of around 1 in 10,000. That's less than our typical 1 in 100,000 false positive rate, but I've asked our staff to be more aggressive with them due to the heightened danger they pose to victims."


SpamStopsHere is updated every two minutes, 24/7/365. Because it works in the Cloud, spam filtering updates take effect immediately without the user downloading or installing anything.

If you're having trouble keeping up with these threats, consider trying SpamStopsHere FREE for 30 days. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service.


Marks used in this article are the properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.