Sneaky Tax Refund e-mails

Tax refund scam e-mails are nothing new. They’ve been doing the rounds for many, many years at this stage. Like the “Nigerian Prince” scams, which are enjoying a resurgence at present, the tax refund scams might catch out those who are new to the internet and may not have heard of such scams before.

It is tax season in the US at the moment and there are a lot of scams going on, which the IRS do warn people about. This one caught my attention because it was a simple attempt to steal e-mail account credentials. Apparently there have been some changes made to the US tax code, which people are aware of but may not fully understand, and that may be enough to cause somebody to fall for this scam.

What happens is the victim receives an e-mail with the subject of “Federal Tax Refund Information”.

This e-mail then says “Good afternoon, I have a very important information for you concerning the Federal Tax Refund which I know that it will help you. Kindly check the attached file to view the details.” For those of you unfamiliar with Commandment 5, you might be tempted to open the attachment.

The PDF that is attached, when opened, simply contains what looks like a link to a Google Drive document.

[Image: tax refund scam Google Drive link]

Which of course you want to look at because, money! There is also a sense of urgency introduced by saying the tax refund document is only stored for 14 days. While this is a fairly lengthy period by phishing standards, it still sows a sense of haste.

Clicking on the link brings you to a website that looks an awful lot like a Google Docs sign-in page which, if you are not paying attention, might cause you to give away your Gmail account name and password. I refer, of course, to not paying attention with regard to the address of the sign-in page, which is circled in red:


[Image: tax refund scam Google Drive sign-in page]

That is not “” which would be what you would normally expect. Of course if a genuine account and password are provided, then the evildoers will now take full control over the e-mail account and use it for nefarious purposes, UNLESS of course you had followed Commandment 7 and used two-factor authentication. If you had, you could then laugh at the bad guys attempting to log in as you and failing because of this brilliant protection mechanism.
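The address check described above, written out as an added example (it is not part of the original post). It assumes `accounts.google.com` is the host where a genuine Google sign-in form is served; every `.example` address below is a constructed sample.

```python
from urllib.parse import urlsplit

# Assumption: the host where a genuine Google sign-in form is served.
EXPECTED_SIGNIN_HOSTS = {"accounts.google.com"}


def check_signin_url(url):
    """Return (ok, reason) for the address of a page asking for a Google login."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "address cannot be parsed"
    if parts.scheme != "https":
        return False, "not served over https"
    if parts.username is not None:
        # Anything before '@' is user info, not the host the browser connects to.
        return False, f"user info before '@'; real host is {host}"
    if host in EXPECTED_SIGNIN_HOSTS:
        return True, "expected sign-in host"
    if any(good in host for good in EXPECTED_SIGNIN_HOSTS):
        # The genuine name is only a prefix or label of somebody else's domain.
        return False, f"genuine name embedded in a different host: {host}"
    return False, f"unexpected host: {host}"


# Constructed sample addresses, as they might appear in a link inside a PDF.
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.docs-view.example/signin",
    "https://accounts.google.com@docs-view.example/signin",
    "https://docs-view.example/accounts.google.com/signin",
]


def review(urls):
    """Map each address to its (ok, reason) verdict."""
    return {u: check_signin_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in review(SAMPLES).items():
        print(("OK     " if ok else "REJECT ") + url + "  (" + reason + ")")
```

Only the first sample passes: the genuine name showing up in the path, in front of an `@`, or as the leading labels of another domain does not change which host receives the password.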

Then you calmly go ahead and change that password in ALL accounts that you used it in, because it’s now compromised.

While this has been relating to the US tax season, expect similar carry-on during October in Ireland.