The day I almost became stupid

Today is Friday, Jan 22, 2016. I will remember this day. In discussions we security researchers often talk about the dumb average computer user. Today I almost became one of them. I received the following email from a spoofed sender address [email protected]:

[Image: Screen Shot 2016-01-22 at 5.40.26 PM]

It tells me that, because I am a non-resident alien in the US, I need to submit additional information to the IRS because I opened a bank account and I am exempt from "tax withholdings on interest paid". All this was true for me, and because I only skimmed the e-mail very quickly I did not detect any major flaws in the language. I would never expect a German authority to send me such a request by email, but the Americans do a lot of sensitive stuff online, so I was not really surprised by the fact that the "IRS" was communicating with me via email. I also gave them my email address on another form a few months ago.

What finally helped me to identify that it was a phishing attempt was that a Google search for the indicated fax number did not give any results. I would have expected to find it on some IRS website. Then I looked at the mail headers, which revealed that the sender address was spoofed and finally made it clear that this was indeed a phishing attempt.

[Image: Screen Shot 2016-01-22 at 5.33.31 PM]
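
The header check mentioned above can be scripted. The following is an added example, not part of the original post, and the post does not say which header fields gave the spoof away: it compares the From domain with the Return-Path and Reply-To domains and reads the SPF/DKIM/DMARC verdicts the receiving server recorded. The sample message, all domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address, host and IP is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.recipient.example; Fri, 22 Jan 2016 17:20:00 -0500
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=agency.example
From: "Tax Office" <forms@agency.example>
Reply-To: forms@agency-forms.example
Subject: Additional information required

Body text is irrelevant to the header checks.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return a list of header findings that suggest a forged sender."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    findings = []
    # Strict comparison: a legitimate sender that bounces via a subdomain is
    # also flagged, so treat these as hints to review, not as proof.
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    # Verdicts written by the receiving mail server (Authentication-Results).
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result.lower() != "pass":
            findings.append(f"{method}={result}")
    return findings
```

Only an Authentication-Results header added by your own receiving server is trustworthy; a copy already present when the message arrived can be forged like any other header.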

I am glad I realized this at the last minute, as the information I would have provided on the form would be enough for an attacker to try to call my bank and reset the password with the information, or something similar.

I am wondering why the phishing email was so well targeted at me. Or is my view just biased because I directly delete all other phishing mails?

By the way, the IRS never communicates by email. More information on their website.