Up to 70,000 email inboxes of users from Microsoft Office 365 have been targeted with scam email’s impersonating the IRS according to researchers at Abnormal Security. The scammers are using a spoofed irs[.]gov email address to send emails to victims. By using a fear tactic, the emails are stating that the victims ow the IRS money and if it is not paid, legal action will be taken against them. the emails also include ID numbers, docket numbers, and warrant ID’s throughout the email. this coupled with virtually error-free English allows the scammers to put on a convincing scam. The email header shows the actual email being from shoesbagsall[.]com and when replying to the email it is redirected to the email legal.cc@outlook[.]com. The emails ask the victims to email back their Credit Card numbers to avoid legal action.
Scam emails involving the IRS have been around for many years and usually tend to pick up around tax season. In this case, the attackers are utilizing social engineering attacks to try and trick victims into giving up their credit card information. No specific industry or company was seen targeted in this attack and with this many emails being sent, it is possible the attackers stole a large amount of card numbers. Whenever an email asks for credit card information to be sent back to them it is likely a scam. No legitimate service should ask for a credit card number to be emailed.
More can be read here: https://www.bleepingcomputer.com/news/security/scammers-impersonating-the-irs-threaten-victims-with-legal-action/