This morning we have begun receiving reports of phishing scams baited with information allegedly from the IRS about a problem with the recipient’s tax refund. As Michael Hickins, Wall Street Journal, pointed out in a March 2011 blog post,
It’s tax season, which means cyber-thieves are trawling the Web and sending counterfeit email in the hopes of snaring your personal tax data. And they’ve created websites with reasonable-seeming addresses and legitimate-seeming emails in order to lure unsuspecting citizens into clicking on the wrong link or downloading a virus-laden PDF.
Below is a sample phish that landed at UDel.edu this morning.
This is not a very convincing scam, with
- interesting grammar,
- an incomplete address and strange hours in the signature block,
- a link to a site in Germany for you to enter your information,
- email about “your” refund being sent to a mailing list,
- and so on. One version of this scam claims the IRS is contacting you about your state tax refund.
But as we get deeper into tax season, be on the lookout for better forgeries claiming to be from the IRS. They all are trying to make you react to the shock of having a tax problem — “Oh, no! My refund has a problem!” [click] — without thinking it through.
As the IRS itself says,
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Report Phishing, IRS Web page, 10/18/2012
If you receive a phishing message claiming to be from the IRS, you can report it to firstname.lastname@example.org — then delete the phishing message.