Malware attack claims the IRS has rejected your tax appeal

Computer users are finding a message in their email inbox which isn’t all that it seems.

The messages appear to come from the IRS, and claim that the recipient’s tax refund appeal has been rejected.

Here’s a typical message:

IRS spam. Click for larger version

Sign up to our free newsletter.
Security news, advice, and tips.

Dear Business owner,
Hereby you are notified that your Income Tax Refund Appeal id#6636527 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Subject lines used by the emails include:

Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.

Of course, the attached HTML file is malicious and you should not open it. Sophos detects it as Mal/Iframe-AE.

There's nothing new, of course, about criminals spamming out malicious emails posing as the tax office. But the fact that it keeps happening suggests that it's a very effective method for duping the unwary into infection.

Make sure you keep your anti-virus protection up-to-date and your wits about you.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.