Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Scam Of The Week: Insidious New IRS Social Engineering Attack

    170x170_road-sign-464653_1920.jpgThere is a new insidious IRS scam that you need to warn your employees, friends and family about, and inform your HR department to start with.

    Seasoned internet criminals are sending bogus emails with attachments, text messages and even snail mail claiming to be from the IRS and using a phony Form CP 2000.
    This form is normally mailed by the IRS when income reported by employers does not match the income reported on the taxpayer's income tax return. To further confuse the potential victim, the letter accompanying the phony IRS form indicates that the form relates to the Affordable Care Act.

    This scam is being investigated by the Treasury Inspector General for Tax Administration. The real CP 2000 form is a hefty six-pager with instructions about what steps to take whether you agree or disagree with the assessment. At the moment, the crooks are extorting straight cash out of victims, but this may just as well be used as a vehicle for instant malware infections.

    I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:

    "There is an insidious new IRS scam doing the rounds. They send you a phony IRS CP 2000 form and claim the income reported on your tax return does not match the income reported by your employer. This is meant to get you worried. To confuse you further, the bad guys claim this has something to do with the Affordable Care Act.

    You might receive emails with attached phony forms, text messages and even live calls to your phone about this! You need to know that the IRS will never initiate contact with you to collect overdue taxes by an email, text message or phone call.

    If you get any emails, text messages, old-time snail mail or even live calls about this, do not click on anything, do not open attachments, do not reply and if it is a call, hang up the phone . If you receive a "CP 2000" form in the mail and doubt this is legit, you can always call the IRS at 1-800-366-4484 to confirm it is a scam."

    If you want a safe way for employees to report suspicious email to your organization's Incident Response team, download KnowBe4's complimentary Phish Alert Outlook add-in which gives your user a one-click option to send you any suspicious email including full headers.  Did I say there are no costs for this? You don't even have to be a KnowBe4 customer, and we will soon have a Gmail version too.

    Get your Phish Alert Button

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/phish-alert

     

    Return To KnowBe4 Security Blog

    Topics: Scam Of The Week

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews