Who's using 2-step verification and where?
Can we extend trust-based collaboration beyond handshakes and face-to-face?

Is it spam? This season in IRS tax scams

It's tax season in the US. This week's "Is it spam?" features spampaigns that attempt to attract mail recipients into revealing personal information, including Social Security numbers, or electronic filing PINs. These are only a few of the scams that the US  Internal Revenue Service (IRS) identifies annually in it's Dirty Dozen tax scams list.  Some of these emails may contain word documents that masquerade as official tax forms but contain malicious macros

HttptrusteesaleslvcomwpcontentthemesfilesindexhtmlThis season's scams contain Subject: lines such as:

[Issue #:IRS099283746] For Your Record

New Message from IRS.gov

Your IRS Online Services Update

Your 2015 Electronic IP Pin! 

View Your Tax Return Status

Tax Exemption Notification

Identity Verification

As you can tell by this sample of Subject lines, tax fraudsters use several methods to hook victims.  The most common are fear or uncertainty  (tax error or delinquency), and greed (exemption notices). Tax fraudsters also play on tax payer impatience (check tax return status) or appeal to tax filers who are always looking for ways to save on taxes.

IrsTax fraudsters treat the IRS as a "brand". They will use the IRS logo. They'll replicate official looking forms. In short, they use conventional phishing techniques, so please follow the "how to avoid being phished" recommendations I and others publish. However, be particularly suspicious of the following:

  • links that take you to sites containing official looking submission forms like those I show here. 
  • promises of larger or extraordinary refunds,  
  • offers to help you hide income or that will reveal hidden deductions for fees in advance

The IRS offers other specific advice for tax payers to avoid becoming a tax fraud victim. You may also want to check out IRS social media channels, including YouTube videos and IRS on Tumblr http://internalrevenueservice.tumblr.com (search “scam” to find scam-related posts).

If you do receive an IRS phishing email, please report it to the IRS and the AntiPhishing Working Group (APWG). You can also join the user campaign against phishing: add your phish to PhishTank.



Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.