Notice from the IRS indicating the recipient has unreported or underreported income.
Example: [Collected via e-mail, September 2009]
Subject: Notice of Underreported Income
Taxpayer ID: smith-00000174073547US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website
(click on the link below):
review tax statement for taxpayer id: smith-00000174073547US
Internal Revenue Service
Notices purporting to come from the Internal Revenue Service (IRS) make good phishing
bait for a number of reasons:
- Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people's attention.
- Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
- Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed refunds or payments awaiting them seems plausible.
A September 2009 mass e-mailing
took advantage of those points, spamming Internet users with phony notices
that warned recipients they might be targets of IRS fraud investigations due to having unreported or underreported income and invited them to click on a link to "review" their "tax statements" on the IRS web site. (The provided link led to an .EXE file that was likely a carrier of some form of malware.)
The IRS never sends out unsolicited e-mails
to taxpayers. When the IRS needs to contact a taxpayer, it sends notice via U.S. Mail,
and every such notice includes a telephone number that the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov
URL into your web browser) rather than following links in e-mail
says about such e-mails
The IRS does not initiate taxpayer communications through e-mail. In addition, the IRS does not request detailed personal information through e-mail or ask taxpayers for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.
Do not open any attachments to questionable e-mails, which may contain malicious code that will infect your computer. Please be advised that the IRS does not initiate contact with taxpayers via e-mails.
The IRS site contains information
about how to report phishing e-mails
purporting to originate with the IRS.
9 September 2009