Suspicious Email *Regarding State Return*

ownyourfuture

ownyourfuture

Thinks s/he gets paid by the post
Joined
Jun 18, 2013
Messages
1,561
Did my tax return using H&R Block deluxe + state last Thursday night. (March 21, 2024)
Federal return was accepted within an hour, state approximately 12 hours later.

Today, (March 27, 2024) I received the following email/message.


29143-albums233-picture2979.png




I didn't open the attachment shown in the lower left, but did click on
'read the message'

The result was a one time pass code sent to me.


29143-albums233-picture2980.png






I never tried to enter the passcode because I was very suspicious.
State is Minnesota, I've had the same yahoo email address since 2009, & have had nothing to do with Microsoft since 2008 when I bought my first iMac.

I'll contact the state tax office tomorrow, but in the meantime, wondered if anyone else from Minnesota might have received something similar ?
 
Last edited:
Do you have an online account with the state. That's my state and they do require an unique code to log on to the site. If you do have an account you might try to log on directly from the website .

You'd need to get a new code as they are time sensitive
 
Could be someone tried to get into your account or change the password at the State, and it sent the code to you as 2 factor authorization.
Person trying to get into your account failed as they can't read your email.
 
ivinsfan said:
Do you have an online account with the state. That's my state and they do require an unique code to log on to the site. If you do have an account you might try to log on directly from the website .

You'd need to get a new code as they are time sensitive
Click to expand...

Thanks for the reply.

I've never had an online account with the state.
I'll try to contact them via phone in about 45 minutes.
I'll update any findings later today.
 
Last edited:
Darn it it sounds like a scam attempt...it's always something...
 
target2019 said:
Did you enter the Yahoo address anywhere when filing? Is it in H&R?

Check the complete headers in original email message.
Click to expand...

Listed my cell phone number & email address on the return.
(directly below where you sign and date)

Not sure what you mean by checking the complete headers in the original email message ?
 
Just finished up a conversation with the MN Dept Of Revenue.
The address I received the suspicious email from was their correct address, but they never tried to contact me.

Everything is fine. Return is fine & my refund is on the way.

So this was definitely something malicious.
Thankful (that at least at this point) no damage was done.

Thanks for the replies.
 
Well boo on the state because their answer makes zero sense
 
ownyourfuture said:
Just finished up a conversation with the MN Dept Of Revenue.
The address I received the suspicious email from was their correct address, but they never tried to contact me. .
Click to expand...

To those familiar with email header information, is it possible to get an email from a spoofed legit sender email address but have different malicious reply to email address? I know when it comes to phone calls or possibly texts, a phone number can be spoofed. I once received a call that came from MY phone number.
 
I'm glad your return is safe and the check is on the way.


Just curious and for lurkers learning how to spot fakes, I think that if you go to look at the message source, and find the link under the "Read the Message" button, that will uncover the attempted fraud. That should tell all. If it's not a legit domain (everything between the first "//" and the first "/" after it, then it's a scam. If it was a legit domain between those two markers (which it won't be), then it probably would have been legit.

Open it up to message source, search for "Read the Message" and report back the domain.
 
Last edited:
sengsational said:
I'm glad your return is safe and the check is on the way.


Just curious and for lurkers learning how to spot fakes, I think that if you go to look at the message source, and find the link under the "Read the Message" button, that will uncover the attempted fraud. That should tell all. If it's not a legit domain (everything between the first "//" and the first "/" after it, then it's a scam. If it was a legit domain between those two markers (which it won't be), then it probably would have been legit.

Open it up to message source, search for "Read the Message" and report back the domain.
Click to expand...

Unfortunately, I won't be able to do that. I already deleted both emails.
If it ever happens again, I'll try what you suggested.
Regards
 
jpeter1093 said:
In what way; seems like a complete answer from them?
Click to expand...

Because someone is using their website in a fraudulent manner..it's not from us is not good enough
 
ivinsfan said:
Because someone is using their website in a fraudulent manner..it's not from us is not good enough
Click to expand...

Not sure what they can do to stop fraudsters from framing; as long as their databases are locked down. But anybody can spoof an email and write a physical address. Can you give an example of what you would have them do?
 
MJ said:
To those familiar with email header information, is it possible to get an email from a spoofed legit sender email address but have different malicious reply to email address? I know when it comes to phone calls or possibly texts, a phone number can be spoofed. I once received a call that came from MY phone number.
Click to expand...
That's not uncommon in the email headers of scams. The From: is legit, but the Reply-to: goes to a similar-looking but different address. The most common is that both are spoofed to be legitimate addresses, but the links in the email are to phishing sites.
 
One of the most prevalent scam emails right now are the "IRS and State" "Need more information" emails. I filed my returns on a Tuesday and both Fed and State were refunded in 2 days. A week later I got relatively identical emails form IRS and State that "additional information is require before my refunds can be processed". Both emails got deleted rather quickly. It is the season for leeches who believe their only job is to steal from others that worked for a living
 
swabby01 said:
It is the season for leeches who believe their only job is to steal from others that worked for a living
Click to expand...


Lots of leeches out there and email isn't the only way they leech. Stay safe, everyone.
 
You must log in or register to reply here.

Similar threads

Amethyst
Anyone Holding Templeton Emerging Market Fund/Seeking 1099 Info
Replies
16
Views
556
Amethyst
Amethyst
J
Prior Tax Return SNAFU
Replies
7
Views
736
jimbohoward69
J
S
Applying for SS and Medicare at 65
Replies
19
Views
2K
DrRoy
DrRoy
A
1041 trust return questions
Replies
6
Views
430
Montecfo
M
Mr._Graybeard
I got phished
2 3 4
Replies
85
Views
5K
isisdave
I

Latest posts

Back
Top Bottom