IRS Phishing Scams May Be On The Rise

Stanley Rose headshot By

The arrival of tax season seems to be accompanied by an increase in phishing from fake IRS websites, and this message is intended as a warning regarding how increasingly easy it is to be fooled.

Phishing generally consists of unsolicited e-mails that lure unsuspecting recipients into action at their own expense.  If successful, the sender tricks the recipient into providing personal information by replying to the message or clicking a link, which may unleash malicious code to wreak havoc on the victim’s computer or secretly collect information from it.  Identity theft sometimes results, often with the thief filing a fraudulent refund claim while posing as the victim.

Phishers have figured out that one particular group has the ability to scare even a relatively wary person into immediate action:  The IRS.  For that reason, a common phishing ploy takes the form of a very official-looking message that appears to have been sent by the IRS.  It portrays IRS contact information, letterhead and language consistent with valid notices.  As those of you who have received legitimate ones can attest, IRS communications contain their own “look.” Unfortunately, the phishers are becoming more adept at duplicating it.

Following are examples of how fake IRS messages may attempt to fool their recipients:

1. A warning that the reader’s tax appeal (Case #5682756, etc.) has been DENIED!  The reader is encouraged to re-submit an appeal by clicking on a link.
2. The IRS has determined, after corrections to the recipient’s account, that he or she is eligible for a refund of $63.80 (or any other amount), and can access the request form to obtain that refund by clicking on a link.
3. The IRS Antifraud Commission has detected attempts by another party to access your bank account.  The IRS has helpfully responded by blocking your accounts, and you can unblock the accounts by providing information/clicking a link.

Some of these e-mails contain comical typos, but many look increasingly real.  However, if you receive a message, please remember the following information before taking any action:

1. Know that the IRS never initiates contact with taxpayers via e-mail.  Usually they will write, and occasionally they instead will call.
2. Note the subtle difference:  The IRS website suffix is “.gov” rather than “.com.”
3. Do not reply, open any attachments or click on any links.  Instead, delete the message.  The IRS (the real IRS!) encourages forwarding the message to them at phishing@irs.gov.

Finally, while e-mails seem more prevalent, note that similar scams do occur via snail-mail, fax or phone call as well.  Be very suspicious of any call in which the caller asks for personal information.  Ask any caller claiming to represent the IRS for a badge number and a return call number if you have any reason to doubt the call’s validity.  Much more information and contact numbers may be found on the IRS website below.

http://www.irs.gov/privacy/article/0,,id=179820,00.html

If you would like to discuss further, please call your BNN advisor or Stan Rose.

Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, investment, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.