It's income tax season here in the United States, and the crooks are certainly ready to tug at our fear-strings.
Here's a juicy email tidbit that aims to cause enough concern to trigger a double-click of a horribly dangerous attachment:
Subject: Your FED TAX payment (ID:1O2IRS749979290) was Rejected
*** PLEASE DO NOT RESPOND TO THIS EMAIL ***
Your federal Tax payment (ID: 1O2IRS749979290), recently sent from your checking account was returned by the your financial institution.
For more information, please download attached notification. (Security Adobe PDF file)
Transaction Number: 1O2IRS749979290}
Payment Amount: $ 5114.87
Transaction status: Rejected ACH Trace Number: 8888888888 Transaction Type: ACH Debit Payment-DDA
Internal Revenue Service
Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785.
Recipients might easily overlook a few content issues that make this message suspicious (e.g., some grammatical snafus and an ACH Trace Number that should trigger a race to buy a lottery ticket). Also, even in these days of e-filing, the IRS makes exception notifications via postal mail, not email.
Except for the occasional tax protester, nobody wants trouble from the IRS, especially if delays or what-have-you might cause penalties to accrue. That's what the crook who wants to grab control of your computer (and, potentially, your employer's network) is counting on. Double-click that attachment, and you'll soon wish the email really had come from the IRS.