INTERNAL REVENUE SERVICE PHISHING SCHEME MAKES THE ROUNDS AGAIN
Notices from institutions of the federal government (especially the IRS) grab people's attention and make good phishing bait. A forged IRS notice has the potential to take in an extremely large number of victims, as most adult U.S. residents have dealings with the agency. Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed tax refunds waiting for them seems plausible.
Another mass phishing emailing has spammed millions of Internet users with phony notices that included the IRS logo, advised recipients they were eligible to receive tax refunds, and invited them to click on a link which took them to an IRS web site form through which they could claim those refunds. Of course, the links included in the messages didn't actually send users to the genuine IRS web site; they redirected claimants to imposter IRS sites (hosted on servers in a variety of countries) and instructed them to enter all sorts of sensitive personal information (credit card number, expiration date, CVV code and ATM PIN) into an on-line form so that the putative refunds could be posted directly to their debit/credit card or bank accounts. Any information entered into such forms can be harvested by scammers and used for identity theft and other financial crimes.
The IRS NEVER offers refunds through email or sends out unsolicited emails to taxpayers. When the IRS needs to contact a taxpayer, they send notice via U.S. Mail, and every such notice includes a telephone number that the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov URL into your web browser) rather than following links in email messages.
