Join Early Retirement Today
Reply
 
Thread Tools Display Modes
Suspicious Email *Regarding State Return*
Old 03-27-2024, 08:06 PM   #1
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Suspicious Email *Regarding State Return*

Did my tax return using H&R Block deluxe + state last Thursday night. (March 21, 2024)
Federal return was accepted within an hour, state approximately 12 hours later.

Today, (March 27, 2024) I received the following email/message.






I didn't open the attachment shown in the lower left, but did click on
'read the message'

The result was a one time pass code sent to me.








I never tried to enter the passcode because I was very suspicious.
State is Minnesota, I've had the same yahoo email address since 2009, & have had nothing to do with Microsoft since 2008 when I bought my first iMac.

I'll contact the state tax office tomorrow, but in the meantime, wondered if anyone else from Minnesota might have received something similar ?
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 03-27-2024, 08:47 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 9,958
Do you have an online account with the state. That's my state and they do require an unique code to log on to the site. If you do have an account you might try to log on directly from the website .

You'd need to get a new code as they are time sensitive
ivinsfan is offline   Reply With Quote
Old 03-27-2024, 11:40 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,076
Could be someone tried to get into your account or change the password at the State, and it sent the code to you as 2 factor authorization.
Person trying to get into your account failed as they can't read your email.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is offline   Reply With Quote
Old 03-28-2024, 11:25 AM   #4
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Quote:
Originally Posted by ivinsfan View Post
Do you have an online account with the state. That's my state and they do require an unique code to log on to the site. If you do have an account you might try to log on directly from the website .

You'd need to get a new code as they are time sensitive
Thanks for the reply.

I've never had an online account with the state.
I'll try to contact them via phone in about 45 minutes.
I'll update any findings later today.
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 03-28-2024, 11:54 AM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 9,958
Darn it it sounds like a scam attempt...it's always something...
ivinsfan is offline   Reply With Quote
Old 03-28-2024, 12:03 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,709
Did you enter the Yahoo address anywhere when filing? Is it in H&R?

Check the complete headers in original email message.
target2019 is offline   Reply With Quote
Old 03-28-2024, 12:28 PM   #7
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Quote:
Originally Posted by target2019 View Post
Did you enter the Yahoo address anywhere when filing? Is it in H&R?

Check the complete headers in original email message.
Listed my cell phone number & email address on the return.
(directly below where you sign and date)

Not sure what you mean by checking the complete headers in the original email message ?
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 03-28-2024, 02:11 PM   #8
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Just finished up a conversation with the MN Dept Of Revenue.
The address I received the suspicious email from was their correct address, but they never tried to contact me.

Everything is fine. Return is fine & my refund is on the way.

So this was definitely something malicious.
Thankful (that at least at this point) no damage was done.

Thanks for the replies.
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 03-28-2024, 02:50 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 9,958
Well boo on the state because their answer makes zero sense
ivinsfan is offline   Reply With Quote
Old 03-30-2024, 04:03 PM   #10
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Quote:
Originally Posted by ivinsfan View Post
Well boo on the state because their answer makes zero sense
If you lived in Minnesota, & saw the # of things going on that don't make sense, you wouldn't be at all surprised.
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 03-31-2024, 07:59 AM   #11
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,343
Quote:
Originally Posted by ownyourfuture View Post
Just finished up a conversation with the MN Dept Of Revenue.
The address I received the suspicious email from was their correct address, but they never tried to contact me. .
To those familiar with email header information, is it possible to get an email from a spoofed legit sender email address but have different malicious reply to email address? I know when it comes to phone calls or possibly texts, a phone number can be spoofed. I once received a call that came from MY phone number.
__________________
I look to the present moment because that's where I live my life.
MJ is offline   Reply With Quote
Old 04-02-2024, 02:18 PM   #12
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 10,716
I'm glad your return is safe and the check is on the way.


Just curious and for lurkers learning how to spot fakes, I think that if you go to look at the message source, and find the link under the "Read the Message" button, that will uncover the attempted fraud. That should tell all. If it's not a legit domain (everything between the first "//" and the first "/" after it, then it's a scam. If it was a legit domain between those two markers (which it won't be), then it probably would have been legit.

Open it up to message source, search for "Read the Message" and report back the domain.
sengsational is online now   Reply With Quote
Old 04-02-2024, 03:36 PM   #13
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Quote:
Originally Posted by sengsational View Post
I'm glad your return is safe and the check is on the way.


Just curious and for lurkers learning how to spot fakes, I think that if you go to look at the message source, and find the link under the "Read the Message" button, that will uncover the attempted fraud. That should tell all. If it's not a legit domain (everything between the first "//" and the first "/" after it, then it's a scam. If it was a legit domain between those two markers (which it won't be), then it probably would have been legit.

Open it up to message source, search for "Read the Message" and report back the domain.
Unfortunately, I won't be able to do that. I already deleted both emails.
If it ever happens again, I'll try what you suggested.
Regards
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 04-02-2024, 05:55 PM   #14
Recycles dryer sheets
 
Join Date: Jan 2014
Location: Voorheesville, NY
Posts: 206
Quote:
Originally Posted by ivinsfan View Post
Well boo on the state because their answer makes zero sense
In what way; seems like a complete answer from them?
jpeter1093 is offline   Reply With Quote
Old 04-02-2024, 06:31 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 9,958
Quote:
Originally Posted by jpeter1093 View Post
In what way; seems like a complete answer from them?
Because someone is using their website in a fraudulent manner..it's not from us is not good enough
ivinsfan is offline   Reply With Quote
Old 04-02-2024, 06:36 PM   #16
Recycles dryer sheets
 
Join Date: Jan 2014
Location: Voorheesville, NY
Posts: 206
Quote:
Originally Posted by ivinsfan View Post
Because someone is using their website in a fraudulent manner..it's not from us is not good enough
Not sure what they can do to stop fraudsters from framing; as long as their databases are locked down. But anybody can spoof an email and write a physical address. Can you give an example of what you would have them do?
jpeter1093 is offline   Reply With Quote
Old 04-03-2024, 06:23 AM   #17
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,343
Quote:
Originally Posted by ownyourfuture View Post
Unfortunately, I won't be able to do that. I already deleted both emails.
It's still there unless you emptied your email trash.
__________________
I look to the present moment because that's where I live my life.
MJ is offline   Reply With Quote
Old 04-03-2024, 07:04 AM   #18
Thinks s/he gets paid by the post
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 2,674
Quote:
Originally Posted by MJ View Post
To those familiar with email header information, is it possible to get an email from a spoofed legit sender email address but have different malicious reply to email address? I know when it comes to phone calls or possibly texts, a phone number can be spoofed. I once received a call that came from MY phone number.
That's not uncommon in the email headers of scams. The From: is legit, but the Reply-to: goes to a similar-looking but different address. The most common is that both are spoofed to be legitimate addresses, but the links in the email are to phishing sites.
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is online now   Reply With Quote
Old 04-03-2024, 05:12 PM   #19
Thinks s/he gets paid by the post
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 1,561
Quote:
Originally Posted by MJ View Post
It's still there unless you emptied your email trash.
I emptied it.
__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
Shown @ The End Of The Movie 'Runaway Train'
ownyourfuture is offline   Reply With Quote
Old 04-09-2024, 09:54 PM   #20
Recycles dryer sheets
 
Join Date: Jul 2018
Location: Brea
Posts: 62
One of the most prevalent scam emails right now are the "IRS and State" "Need more information" emails. I filed my returns on a Tuesday and both Fed and State were refunded in 2 days. A week later I got relatively identical emails form IRS and State that "additional information is require before my refunds can be processed". Both emails got deleted rather quickly. It is the season for leeches who believe their only job is to steal from others that worked for a living
__________________
Rocket Ron
swabby01 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 3 (0 members and 3 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Suspicious Account Activity after Joining ChatGPT Amethyst Other topics 5 02-20-2023 10:46 AM
Suspicious activity on my SS account. Right! Time2 Other topics 31 12-06-2020 11:42 AM
Should we be suspicious? athena53 Health and Early Retirement 22 02-03-2016 11:49 AM

» Quick Links

 
All times are GMT -6. The time now is 08:05 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc.