Computer Security Caution: Phishing Email Scam Targets EFTPS Taxpayers

Caution: Phishing Email Scam Targets EFTPS Taxpayers

A new phishing scam is targeting users of the Electronic Federal Tax Payment System (EFTPS - Free Government tax payment site) which has been provided free of charge by the U.S. Department of Treasury since 1996.

The EFTPS tax payment site is utilized by those who wish to make direct tax payments online to the U.S. Treasury, including personal taxes and estimated business taxes. Such a service is a major convenience for millions of U.S. citizens and, lately, it has been taken advantage by scammers who use spam email messages that lead computer users to phishing sites that collect personal information.

Phishing sites have a long history of being able to mimic legitimate sites, usually online banking websites, in an effort to collect a user's login, social security number, home address or even credit card numbers. Ultimately, this collected information leads to identity theft in many cases. Security researchers from's research blog have uncovered a new scam that uses a spam email that states that 'Your EFTPS Tax Payment ID has been rejected'. The email reads:


Your EFTPS Tax Payment ID has been rejected.


Report ID: ***. Your Federal Tax Payment ID: *** has been rejected. Return Reason Code R## - The identification number used in the Company Identification Field is not valid. Please, check the information and refer to Code R## to get details about your company payment in transaction contacts section: http://www.eftps*******

The 'Your EFTPS Tax Payment ID has been rejected' message attempts to notify a user that their Federal Tax Payment has been rejected. Knowing how the IRS is very strict about receiving payments a user of the EFTPS system would want to rectify the situation according to the email above. That is when the user falls for the trick and eventually clicks on the link provided in the spam message which leads them to a phishing website (Figure 1.) that looks identical to the real EFTPS site (Figure 2.) at The URL for the phishing website starts off the same as the real one only it ends in '.com' instead of '.gov'.

Figure 1. EFTPS Phishing site (Fake website designed to collect personal data).
phishing fake website for eftps tax payment

Figure 2. Real EFTPS Online Tax Payment site provided by the U.S. Treasury Department.
real eftps online tax payment government site

Can you tell the difference between the phishing site and the real EFTPS site in Figure 1 and Figure 2? These witty hackers are pretty good at their game aren't they? Do you think you would fall for this trick if you recently made a payment on the EFTPS site and then received a spam message similar to the one above?


this is crazy!!!!!! My friend showed me this exact email on his computer at his desk. holy cow, these hackers are unbelievable! You guyss are great for bringin this to everyone attention! keep up the good works!

We got the same emial. We do not use EFTPS for our company so it was a no brainer. However I think the Feds should crack down on this with all its power since in most cases they require you to use EFTPS. Thanks for the info!!

Very slick attempt. It might have worked if they hadn't sent me four messages in rapid succession.

So who do you report these to ? The real EFTPS site has no way to report these. Shouldn't the govt shut down or sever the acess to these sites?

I've received 4 of these in the past 12 hours. Below are three of the fake sites:

You can report these fraudulent emails to the U.S. Department of the Treasury 'Fraud Reporting' E-Mail Scams and Fraud department on the website:

The U.S. Treasury also warns the public about email scams in general and gives you a physical address to report them to at

i jsut got this email. i actually got it 3 times in a row with 3 different return addresses. i stroke a conversation with one of the spammers trying to get personal info from him