Fake IRS Economic Stimulus Refund! EMail

My Readers Love You

I can only conclude that my readers love each other. One of you sent me a copy of the fake IRS email that’s being spammed around the country. She must care alot about you, whoever you are, to take the time to send it. So thank her for this one, not me.

I am certainly grateful to her. This is, by any measure, the best-written scam email I have ever seen. There is only One Error in the whole thing, and most people would miss it completely. In the text of the email, the word ‘Refund‘ is used, where the correct word should be ‘Rebate‘. I would add the caveat about Scam Flags being in BOLD, but there is only one, repeated several times, and you can’t miss it. It’s in BOLD.)
EDIT: Found another error: missing the word “the” in the 1st sentence. See how easy it is to miss this stuff?

——– Original Message ——–
Subject: 2008 Economic Stimulus Refund!
Date: Fri, 6 Jun 2008 17:47:22 -0400
From: Internal Revenue Service

mpayne writes:’I believe this is the spam you were looking for…’ Jon says: Look how excited the IRS is about that Refund! with the exclamation mark!! in the subject line. Oh, yeah, the IRS is excited…

Over 130 million Americans will receive refunds as part of President Bush program to jumpstart economy. Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund.
The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account.
Please follow the link and fill out the form and submit before June 10th, 2008 to ensure that your refund will be processed as soon as possible.

Submitting your form on June 10th,2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.

To access Economic Stimulus Refund, please click here.

Note: If you received this message in your SPAM/BULK folder, that is because of the large amount of e-mails we are sending out or because of the restrictions implemented by your ISP.

No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.0.0/1489 – Release Date: 6/7/2008 11:17 AM

Still Not Sure? WHOIS

Except for that one word, this thing looks real. Maybe Jon is going off a bit half-cocked, you say? Maybe the IRS is just trying to save some trees by not printing checks and envelopes? After all, that is ‘dot gov’ in the address!

Well, then. Let’s take just one more step on the path to enlightenment. The return address is a do-not-reply, so that serves us no easy purpose. The only connection offered to us is a link. You may not know, but we don’t have to left click that link to find out where it goes. We can Right-Click the link, bringing up the contextual menu. Choose the option, COPY LINK LOCATION. Then open up NOTEPAD and PASTE it. This is what you’ll find:

Then you copy just the part that is the IP address, ‘’ and take it over to Arin and plug it into the search form there. Hit the button labeled ‘Search WHOIS‘ and you’ll get a result which includes the following information:

OrgName: Asia Pacific Network Information Centre
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses.

So, we’re not able to find out exactly who is behind the email. But we did find that whoever they are, their servers’ addresses are owned by APNIC.

Let me make this clear: The US IRS will not use the Asia Pacific Network Information Centre in Australia to host its websites. The US government originally built the internet. The IRS has its own servers.

Also, the IRS has said publicly that they NEVER send emails of this type to anyone. Don’t fall for it.

I am Jon, and I am absolutely certain this email is a scam.

Thanks again to mpayne for forwarding this along to me. Ironically, mpayne has been the most vocal opponent of publishing so many ‘Fake EMail’ posts here at Wordout. Luckily for us, she keeps an open mind and actually cares about the rest of us.