E-mail this page E-mail this



Notice of Underreported Income

Phishing bait: Notice from the IRS indicating the recipient has unreported or underreported income.

Example:   [Collected via e-mail, September 2009]

Subject: Notice of Underreported Income
From: no-reply@irs.gov


Taxpayer ID: smith-00000174073547US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website

(click on the link below):
review tax statement for taxpayer id: smith-00000174073547US
Internal Revenue Service
 

Origins: Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:
  • Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people's attention.
  • Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
  • Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed refunds or payments awaiting them seems plausible.
A September 2009 mass e-mailing took advantage of those points, spamming Internet users with phony notices
that warned recipients they might be targets of IRS fraud investigations due to having unreported or underreported income and invited them to click on a link to "review" their "tax statements" on the IRS web site. (The provided link led to an .EXE file that was likely a carrier of some form of malware.)

The IRS never sends out unsolicited e-mails to taxpayers. When the IRS needs to contact a taxpayer, it sends notice via U.S. Mail, and every such notice includes a telephone number that the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov URL into your web browser) rather than following links in e-mail messages.

The IRS says about such e-mails that:
The IRS does not initiate taxpayer communications through e-mail. In addition, the IRS does not request detailed personal information through e-mail or ask taxpayers for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Do not open any attachments to questionable e-mails, which may contain malicious code that will infect your computer. Please be advised that the IRS does not initiate contact with taxpayers via e-mails.
The IRS site contains information about how to report phishing e-mails purporting to originate with the IRS.

Last updated:   9 September 2009

Urban Legends Reference Pages © 1995-2014 by snopes.com.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.