Phishing bait: Notice from the IRS indicating the recipient is eligible for a tax refund.
Examples: [Collected on the Internet, 2006]
IRS Notification – Please Read This .
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $163.80. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Internal Revenue Service
© Copyright 2006, Internal Revenue Service U.S.A. All rights reserved.
Origins: Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:
- Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people’s attention.
- Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
- Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed tax refunds waiting for them seems plausible.
March 2006 mass phish e-mailing took advantage of those points, spamming millions of Internet users with phony notices that included the IRS logo, advised recipients they were eligible to receive tax refunds (of $63.80 or $163.80), and invited them to click on a link which took them to an IRS web site form through which they could claim those refunds. Of course, the links included in the messages didn’t actually send users to the genuine IRS web site; they redirected claimants to imposter IRS sites (hosted on servers in a variety of countries) and instructed them to enter all sorts of sensitive personal information (credit card number, expiration date, CVV code and ATM PIN) into an on-line form so that the putative refunds could be posted directly to their debit/credit card or bank accounts. Any information entered into such forms can be harvested by scammers and used for identity theft and other financial crimes.
The IRS never offers refunds through e-mail or sends out unsolicited e-mails to taxpayers. When the IRS needs to contact a taxpayer, they send notice via U.S. Mail, and every such notice includes a telephone number that the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov URL into your web browser) rather than following links in e-mail messages.
Last updated: 17 March 2006
Speier, Drew. “E-Mail Scam Uses Fake IRS Web Site.”
WFIE-TV. 2 March 2006.
KPHO-TV. “Consumers Warned of IRS ‘Phishing’ Scam.”
2 March 2006.
KXAN-TV. “New E-Mail Scam Promises Money From the IRS.”
17 March 2006.
WFSB-TV. “Latest Scam Targets Tax Returns.”
2 March 2006.
WHEC-TV. “IRS Warning Taxpayers About Fake E-Mail Scam.”
2 March 2006.
WLNS-TV. “Beware of Tax Scam.”
7 March 2006.
- Miller, Anita. “Internet Scammers Using IRS Logo for Bait.”
- San Marcos Daily Record. 17 March 2006.