I got a scary-good email trying to scam me today. The only immediately obvious tip is the mangled “Department of Treasure” at the bottom (that and the fact that I didn’t request a transcript).
But the usual giveaway for email scams, a spoofed email address, was not there. When I looked for the actual sender email address by hovering the mouse over the FROM email (which shows the actual email usually), it said exactly the same as the visible email address. Thus, it appears that the RussBots have penetrated the IRS public email address book or (insert Trump joke here).
So I hovered over the “Download Your Tax Account Transcript” link and that’s when the connection to Russia shows up — note the .ru on the attack payload.
REMEMBER: In pre-Internet days, you generally used to have to go to the seedy side of town to run into the bad guys.
With the Internet, every criminal in the world not serving in Congress is just a click away from you.
This is what the email looked like:
But what it was actually doing was trying to get me to click on that link in the middle, which would have downloaded malware onto my computer, probably capturing it to put it to work mining bitcoins or other scammy cryptocurrency, or installing ransomware, or both.