LAST NOTICE: Your Federal Tax Payment ID Has Been Rejected

Guess what? The IRS has rejected your Tax Payment ID.

At first we thought this was an attempt to phish EFTPS credentials but after clicking the bogus link to eftps.gov (Warning: don’t try this at home) we found out otherwise. It does eventually send you to eftps.gov but not until after it tries to “borrow” your computer.

Subject: LAST NOTICE: Your Federal Tax Payment ID 01035750 is rejected. Urgent Report.

From: “EFTPS Tax Payment” <customers@eftps.gov>

a
Welcome to Eftps


Your Federal Tax Payment ID: 0103759 has been rejected.
Please, check the information and refer to Code R21 to get details about your company payment in transaction contacts section:
http://eftps.gov/R21

Return Reason Code R21 – The identification number used in the Company Identification Field is not valid.
In other way forward information to your accountant adviser.

on the site. James was appointed guardian of his two younger brothers, William Wright and Joseph Tarpelin,
EFTPS:
The Electronic Federal Tax Payment System

Steve Miller, b. 4 Oct 1951, Langdale, Chambers, AL. Thomas: Joan and Thomas were divorced in March 1983,


WARNING!
You are using an Official United States Government System, which may be used only for authorized purposes. Unauthorized modification of any information stored on this system may result in criminal prosecution. The Government may monitor and audit the usage of this system, and all persons are hereby notified that the use of this system constitutes consent to such monitoring and auditing. Unauthorized attempts to upload information and/or change information on this web site are strictly prohibited and are subject to prosecution under the Computer Fraud and Abuse Act of 1986 and Title 18 U.S.C. Sec. 1001 and 1030.


The link disguised as http://eftps.gov/R21 actually goes to:

http://89.149.225.33/~fuhrer/pl4udn/a9r8sty.html

Definitely not eftps.gov.

Our first attempt to visit the URL above revealed that both FireFox and AVG wanted to protect us from whatever is hosted there. We took AVGs advice and decided not to let the Windows machine near it. On a Mac the site spent a couple of minutes trying to load and then sent us to eftps.gov.

We’re assuming this process would have been much quicker on an unprotected Windows machine and we’d probably have some sort of trojan or other malware installed on our machine by now. The Mac survived because, well, it’s a Mac.

Whatever the actual threat content is, the email above is bogus. We sure hope you found this before you clicked the link.

BTW, here’s how to spot bogus links.

Update 10/21/2010

The pink text in the message above was white in the original message. Apparently this campaign has some random text to confuse spam filters.

We also found another version:

Subject: SECOND NOTICE: Your Federal Tax Payment has been rejected in system.

From: “EFTPS Tax Payment” <customers@eftps.gov>

Your Federal Tax Payment ID: 010375195 has been rejected.
Return Reason Code R21 – The identification number used in the Company Identification Field is not valid.

Please, check the information and refer to Code R21 to get details about your company payment in transaction contacts section:

http://eftps.gov/R21
In other way forward information to your accountant adviser.
EFTPS:
The Electronic Federal Tax Payment System

PLEASE NOTE: Your tax payment is due regardless of EFTPS online
availability. In case of an emergency, you can always make your tax
payment by calling the EFTPS.

This appears to be another version of the same campaign. Maybe not, since they sent the “SECOND NOTICE” after the “LAST NOTICE”. We purged the exemplars from the original one so we can’t be sure. Either way it’s still fraud.

The bogus link in this one refers to:

http://soldin57days.com/

Still not eftps.gov.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , ,

2 Responses to “LAST NOTICE: Your Federal Tax Payment ID Has Been Rejected”

  1. Nancy Hartzog says:

    I received the IRS email and contacted the IRS. They said they DO NOT send emails. If you received this fraudulent message re: IRS forward it to phishing@IRS.gov
    The IRS will investigate.

  2. OnlyMyEmail Anti-Spam Team says:

    Good to know. Thanks Nancy.