Internal Revenue commission scam email
Once again, malware is being spread via the lure of money from the government. This time the email is apparently from the New Zealand Internal Revenue Commission. The email informs the recipient that money has been deposited in their account. A statement such as that is likely to pique most people’s interest. The problem is that it’s not true.
The attachment to the email is a zip file. It contains an executable file that installs ransomware on your PC. These tax scams are common. Sometimes the malware is CryptoLocker; sometimes it is spyware with keystroke loggers. Either way, the intent is malicious. Don’t click on links without checking first. Most important, don’t download attachments and don’t install programs contained in attachments.
Figure A is the email. It is plain. No branding or logos used. The email is in plain text. The email purports to be from the “Inland Commission”. We suspect the “Inland” is meant to be “Internal”. The two words look similar on first read. Note that the Internal Revenue Commission is the New Zealand government’s taxation authority.
There are no links in the email. The single warhead is a zip file. The zip file is called “Payment Confirmation.zip”. It contains an executable called “Payment Confirmation.exe”. The email states the transaction reference number, payer reference, payment method and currency. This gives a semblance of realism to the email. The email signs off with a standard imprimatur.
We all want to receive money back from the government, but be wary of emails stating that you have a tax refund waiting. Ploys such as these are used to snare victims. Sometimes the email contains malware. Other emails link to phishing sites that request bank account details. This email is the former. The attachment contains malware. Don’t download the attachment. Delete this email if you receive it.