A new phishing scam is targeting users of the Electronic Federal Tax Payment System (EFTPS), a government tax payment site that the U.S. Department of the Treasury has provided free of charge since 1996.
The EFTPS tax payment site is used by those who wish to make direct tax payments online to the U.S. Treasury, including personal taxes and estimated business taxes. Such a service is a major convenience for millions of U.S. citizens and, lately, it has been taken advantage of by scammers who send spam email messages that lead computer users to phishing sites that collect personal information.
Phishing sites have a long history of mimicking legitimate sites, usually online banking websites, in an effort to collect a user's login, Social Security number, home address or even credit card numbers. In many cases, this collected information ultimately leads to identity theft. Security researchers from avertlabs.com's research blog have uncovered a new scam that uses a spam email stating that 'Your EFTPS Tax Payment ID has been rejected'. The email reads:
Your EFTPS Tax Payment ID has been rejected.
Report ID: ***. Your Federal Tax Payment ID: *** has been rejected. Return Reason Code R## - The identification number used in the Company Identification Field is not valid. Please, check the information and refer to Code R## to get details about your company payment in transaction contacts section: http://www.eftps*******7.com/contacts
The 'Your EFTPS Tax Payment ID has been rejected' message attempts to notify a user that their Federal Tax Payment has been rejected. Knowing how strict the IRS is about receiving payments, a user of the EFTPS system would want to rectify the situation described in the email above. That is when the user falls for the trick and clicks on the link provided in the spam message, which leads them to a phishing website (Figure 1) that looks identical to the real EFTPS site (Figure 2) at https://www.eftps.gov/eftps/. The URL for the phishing website starts off the same as the real one, only it ends in '.com' instead of '.gov'.
Figure 1. EFTPS Phishing site (Fake website designed to collect personal data).
Figure 2. Real EFTPS Online Tax Payment site provided by the U.S. Treasury Department.
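Because the two pages look identical, the host name in the link is the reliable signal. The following Python is an added example, not code from the researchers or from EFTPS: it classifies links found in a message body by comparing each host against eftps.gov. The function names, the sample message and the placeholder '.com' host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_HOST = "eftps.gov"  # host of the real site URL given in the article
BRAND = "eftps"              # name that a lookalike domain borrows

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, nothing to compare
        return "unrelated"
    # Exact host or a true subdomain only. A substring test, or endswith
    # without the leading dot, would accept hosts that merely contain the name.
    on_official = host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST)
    if on_official and parts.scheme == "https":
        return "official"
    if on_official or BRAND in host:
        return "suspicious"
    return "unrelated"


def suspicious_links(email_text):
    """List links in a message body that use the name off the official host."""
    links = [u.rstrip(".,)") for u in URL_RE.findall(email_text)]
    return [u for u in links if classify_link(u) == "suspicious"]


# Constructed sample message. The .com host is a placeholder, not the
# masked domain quoted in the article.
SAMPLE_EMAIL = """Your Federal Tax Payment ID has been rejected.
Refer to the contacts section: http://www.eftps-placeholder.example.com/contacts
Official site: https://www.eftps.gov/eftps/
Newsletter: https://news.example.org/weekly."""

if __name__ == "__main__":
    for link in URL_RE.findall(SAMPLE_EMAIL):
        link = link.rstrip(".,)")
        print(classify_link(link), link)
```

A mail filter or help-desk triage script can apply the same comparison to the link target rather than to the text displayed for the link.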
Can you tell the difference between the phishing site and the real EFTPS site in Figure 1 and Figure 2? These witty hackers are pretty good at their game, aren't they? Do you think you would fall for this trick if you had recently made a payment on the EFTPS site and then received a spam message similar to the one above?