![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2021\/04\/4-9-21-irs-phish-1024x595.png\")
<\/figure>\n\n\n\nTips for Detection<\/p>\n\n\n\n
- Notice the “Caution” banner prepended to the email. <\/li>
- The IRS does not generally initiate contact via email, text message, or social media. <\/li>
- Hovering over the hyperlinked text shows a suspicious URL outside irs.gov: https:\/\/main[.]dnryov2fkyjam[.]amplifyapp[.]com\/. <\/li>
- Tax refunds are not paid by credit card as the email would indicate. <\/li>
- The email address spoofs an @pugetsound.edu address. Note: no account was compromised. <\/em><\/li><\/ul>\n\n\n\n
Text of Phishing Message<\/p>\n\n\n\n
Internal Revenue Service (IRS)<\/p>\n\n\n\n
Dear Applicant,<\/p>\n\n\n\n
After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive an extra tax refund of 944.79 USD<\/p>\n\n\n\n
Please submit the tax refund request and click here by having your tax refund sent to your account in due time.<\/p>\n\n\n\n
Claim your refund now [link removed<\/em>]<\/p>\n\n\n\n
Refundable Amount: 944.79 USD
Payment Method: By Credit Card<\/p>\n\n\n\nAfter completing the form, Please submit the form by clicking the SUBMIT button on form and allow 5-9 business days in order to process it.<\/p>\n\n\n\n
This email was sent from a notification-only address that cannot accept incoming email.<\/p>\n\n\n\n
This is an automatically generated email.
Please do not reply as the email address is not monitored for received mail.<\/p>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message Note: If you received this email, please delete the message and do not click any links. The email is not legitimate. For more information about similar scams, please see https:\/\/www.irs.gov\/newsroom\/irs-warns-university-students-and-staff-of-impersonation-email-scam. Tips for Detection Notice the “Caution” banner prepended to the email. The IRS does not generally initiate contact via email, text message, […]<\/p>\n","protected":false},"author":521,"featured_media":367,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/521"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=366"}],"version-history":[{"count":1,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/366\/revisions"}],"predecessor-version":[{"id":368,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/366\/revisions\/368"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/367"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}