Bug 6631 - Suggestion for rules - certain "government" phishing attempts.
Summary: Suggestion for rules - certain "government" phishing attempts.
Status: RESOLVED WONTFIX
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: unspecified
Hardware: All All
: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-08 23:41 UTC by D. Stussy
Modified: 2019-07-08 07:22 UTC (History)
1 user (show)



Attachment Type Modified Status Actions Submitter/CLA Status
Sample messages text/plain None D. Stussy [NoCLA]

Note You need to log in before you can comment on or make changes to this bug.
Description D. Stussy 2011-07-08 23:41:12 UTC
1)  USA:  Internal Revenue Service.
Key phrase:  "We are unable to process your tax return"

The IRS never sends this type of email.  It is always a phish or a virus.
The IRS does request that all copies be sent to <phishing@irs.gov>.

2)  USA:  "Traffic Ticket" type spam/phish.
Key phrase:  "UNIFORM TRAFFIC TICKET"

Currently, this type of mail is impersonating New York State, but I suspect that it will evolve and include other jurisdictions (states or countries).
Other phrase:  "SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117"


I don't know if these are being received by alot of people, but I have received 5 of the former and 1 of the latter in the past month.  If someone wants to add rules for this, such would be nice.  Please add them for mass checking.  Sometimes, they are seen with an attachment - a zip archive with a virus inside, and sometimes, they are stand alone.  Obviously, when a virus is present, one's anti-virus program should see it (unless it's extremely new).
Comment 1 AXB 2011-07-08 23:45:51 UTC
Would it be possible for you to use the "Add an attachment" and provide a few samples (please munge recipient addresses only) ?
Comment 2 D. Stussy 2011-07-09 00:02:35 UTC
Created attachment 4931 [details]
Sample messages

As requested:  Headers and HTML-stripped text.
Comment 3 Henrik Krohns 2019-07-08 07:22:47 UTC
Closing old stale bug. Probably not relevant anymore.