Monday, February 25, 2008

Elaborate Hoax

I received the following e-mail this morning from the "Internal Revenue Service":

Internal Revenue Service (IRS)
United States Department of the Treasury
Date: 01/22/2008


After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $184.80.

Please submit the tax refund request and allow us
6-9 days in order to process it. A refund can be delayed for a variety of reasons.

For example submitting invalid records or applying
after the deadline. To access the frm for your tax refund, use the following personalized link:

http://0xCA.0x27.0x30.0xDD/www.irs.gov/

Regards,

Internal Revenue Service


This is clearly a hoax, as you might surmise from the stuff I've highlighted in bold. If you follow the attached link, you'll find a very official-looking website, complete with the IRS seal and everything. However, the stench of falsehood becomes quite rank when you see that they request your credit/debit card information right up to your ATM PIN. (Also, the website does not link you to any other page on irs.gov.)

This is probably the most elaborate hoax I've ever received and I actually believed it at first glance. The fraudulent e-mail I generally receive involves winning the UK lottery or some poor sap in Africa who is in duress and needs an emergent wire-transfer. I've gotten so many of these that I often wondered why internet thieves have stuck with these strategies for so long. After all, even the most reluctant Bayesians would come to see through the strategy.

One explanation might be differential rates of adoption of various gambits among internet thieves. The innovators who first came up with the emergent wire transfer strategy might have done quite well. Given that the (marginal) cost of sending mass e-mails is low and that these ideas are essentially public goods, others with some spare time started to adopt the strategy in increasing numbers. My sense is that, today, the original perpetrators have likely moved on to glitzier things like this IRS scam, while the late adopters are responsible for the continuing flow of UK lottery winnings messages and such.

Any other ideas?

3 comments:

James H. said...

My main thought looking at such things is "I could do so much better."

The world breathes a sigh of relief that we two have dedicated our lives to science, Atheen, instead of crime.

Unknown said...

Look at the address
http://0xCA.0x27.0x30.0xDD/www.irs.gov

All they've done is create a folder called www.irs.gov under the domain 0xCA.0x27.0x30.0xDD.

Not only that, but the IRS would not send mass information like this by email. First off they would call you or more probably send you mail.

But seriously, if you were due a refund, do you really expect them to send you an email to let you know? Wouldn't they only want to contact you if you owe?
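A mail filter can check for the link structure pointed out above automatically. The following is an added example, not part of the original post or its comments. It decodes a numeric host written in hex (as in the e-mail's link) and, going beyond that one case, in octal or single-integer form as well, then flags a brand domain that appears only after the host. The function names and the control URLs are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_NUM = re.compile(r"0x[0-9a-f]+|[0-9]+", re.I)

def decode_ipv4_host(host):
    """Dotted-decimal form of a numeric IPv4 host, or None.

    Accepts the inet_aton-style spellings many clients resolve: 1-4 parts,
    each decimal, 0x-hex or leading-0 octal; the last part fills the rest.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p[:2].lower() == "0x"
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p) for p in parts]
    except ValueError:          # e.g. "08" is not valid octal
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def phishing_indicators(url, brands=("irs.gov",)):
    """List reasons a link's real host does not match the brand it displays."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    decoded = decode_ipv4_host(host)
    if decoded:
        kind = "an obfuscated" if decoded != host else "a plain"
        findings.append(f"host is {kind} IPv4 address ({decoded})")
    rest = (parts.path + "?" + parts.query).lower()
    for brand in brands:
        if host != brand and not host.endswith("." + brand) and brand in rest:
            findings.append(f"{brand} appears only after the host")
    return findings

if __name__ == "__main__":
    for url in ("http://0xCA.0x27.0x30.0xDD/www.irs.gov/",   # link from the e-mail
                "https://www.irs.gov/refunds"):               # constructed control
        print(url, "->", phishing_indicators(url) or "no findings")
```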

Atheendar said...

Fair points by both of you. I was able to figure it out about 10 seconds after I saw the e-mail (and it was weird to begin with). But it seems like these people actually put in some effort. And, a recent e-mail from the university IT people suggests that a non-trivial number of people fell for this...