Spot the Phish - Government Scams

Spot the Phishing Attempt - Government Imposters

The images displayed below are a combination of phishing and real emails depicting government imposter scams. Spot The Phish! Click on the images to zoom in.


Spoiler Alert: Answers are below.

Image 2 is the only real one. And the rest are attempted phishing attacks. Take a look below as we’ve highlighted all the phishes…

Image 1 details: The real IRS does not send emails to refund payment. Also, the real IRS does not initiate contact with you via email. The email is from [email protected], which is a spoofed email address. The sender is trying to create urgency by asking to send the refund request by close of business hours on the same day. Lastly the link to access the form, when hovered over, shows the fake site to which the user will be redirected.

 IRS Phishing Scam Explained 1

Image 2 details: Typical link checks in this email will tell you that they indeed take you to the domain. It appears to be a newsletter from the Center for Disease Control and Prevention (CDC). Tip: In cybersecurity, always check multiple links in the email instead of just one or two. That way, you’re doubly sure.

Image 3 details: The “FROM” address is a phishing email address impersonating “” When you hover over the URL you’re told to click on, you see the link goes to an unrelated “.com” instead of “” site. Also, the “TO” field is empty.

SSA Phishing Scam Explained 3

Image 4 details: The email appears to be coming from an email address [email protected], which is a fake one. In this phishing attack, the email is trying to create a sense of anxiety for the user with the heading “Notification of a consumer complaint.” Also, the link to download the form when hovered over shows an unrelated site “” along with a “download.js” file which looks like a script will run when the user clicks on the link. Lastly, the phishing email tries to create fear in the user by warning about the violation, fines, or imprisonment.

FTC Phishing Scam Explained 4

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

log management

How A Log Management Assessment Can Prepare Your Organization for a Cyber Attack

This article delves into the significance of log analysis in a forensic readiness assessment and outlines best practices for organizations to optimize their log management strategies …
Business Impact Assessments

Importance of Business Impact Assessments

In the event of a data breach, Business Impact Assessments will help your organization prioritize recovery steps and get back to business faster …
cybersecurity incident response

How to Choose the Right Tabletop Scenario for Incident Response Testing

To effectively combat these threats, organizations must invest in robust cybersecurity incident response strategies …