It’s been more than a week since we started seeing spam email, supposedly sent by the EFTPS (Electronic Federal Tax Payment System, a division of the US Department of the Treasury), informing recipients in dire, bolded text that Your Federal Tax Payment ID: 01037513 has been rejected. I had hoped it would be a faded memory by now, but apparently it just won’t die.
Spam, ladies and gentlemen. It’s a lie, cooked up in a criminal’s troubled mind, with the goal of convincing signficant numbers of people to click a link in the message. It’s a pretty contrived message, which also informs the recipient, in characteristic Spamglish, to “In other way forward information to your accountant adviser.” Apparently, whoever began the campaign needs a refresher in the history of recent Internet scams — this particular scam has been going on again, off again for four years.
Judging by the number of other people asking about this online, the campaign must have been massive. And like a squirrel harassing birds on a feeder, it’s not likely to go away anytime soon.
In this case, the link looks like it’s supposed to go directly to the EFTPS Web site, but the author of the spam simply hyperlinked the URL to point elsewhere. In the case of some of the samples we’ve seen, the messages link to a page on the domain freesite.org; That page contains a single line of HTML to redirect victims to yet another site, which has since been shut down.
So while the spam messages continue to percolate through the email networks, it’s a tiger with no teeth or claws anymore. If you clicked the link, only to end up on a blank page at eftpsid0353546.com — a domain hosted in Russia, on the same server as such esteemed Web sites as qualityhealthmall.com and fdadrugmall.com — rest assured, you’re probably safe, but need to practice the first two parts of Stop. Think. Connect.