IRS Internet Scams: If the Tax Man Emails You Out of the Blue, It's Fraud. Always.
As buddy-buddy as you might be with the IRS, don't expect to get an email from the government's tax agency any time soon. And if you do -- as our editor did recently -- you can rest assured that it's a scam.
Here's the note our editor got in her inbox:
From: IRS
Reply-To: "noreply@girs.com"
Subject: Tax Notification
Our Ref. S/11434/12
Your Ref. 18B/765/12
NOTICE OF TAX RETURN FOR YEAR 2011
Dear Taxpayer, I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax return of: $253.04
To receive your return, you need to register for an e-Services account: Click here to register If you already have an e-Services account:
Click here to login For more info on government services go to www.irs.gov @girs.com> @girs.com>
It's tempting to take the bait. After all, who wouldn't want an extra $253.04?
But when DailyFinance followed up with the IRS, which is known for confusing documents, the agency made itself crystal clear: "The IRS does not initiate contacts with taxpayers through email," spokesman Anthony Burke said. "Our contacts go out to taxpayers through the U.S. mail. If we're sending you a notice of some sort, if there's a tax petition suit, you're going to get mail from us."
As with any email phishing scam, the danger is that if you follow the link, you could end up with a malware infection, such as a Trojan horse that logs your keystrokes and allows a hacker to gain access to your bank accounts. @girs.com> @girs.com>Or, if you supply the website with personal information when it asks, you're laying yourself open to identity theft and larceny without the need for the hackers to go further.
In this case, the sending domain -- GIRS.com -- might at first glance be mistaken for an IRS site, but the URL actually sent recipients to a phishing page hosted in Saudi Arabia, according to Chester Wisniewski, a senior security adviser at digital security firm Sophos.
Sponsored Links
When we visited the now-disabled site, it did in fact look convincingly like an IRS website. The URL even contained the letters "IRS.gov" -- along with a long string of numbers that only a tech-savvy user might have recognized as problematic. (Astute readers of the email might also have picked up on the British spelling of the word "authorise" in the disclaimer, a tip-off that the author perhaps didn't learn English in the U.S.) @girs.com> @girs.com>
These days, Wisniewski noted, the majority of phishing and malware scams originate in the former Soviet Union, but in some ways, it's getting harder to tell. "They're hiring people to write professional English," he said. "The 419 guys are still writing broken African English. Small businesses in China trying to sell me large quantities of cheap goods and LED light bulbs -- there's lots of broken English. But the Russians behind banking fraud seem to be bringing more well-trained English [speakers]."
The result: What had been one of the biggest red flags of an Internet scam -- poor English -- is no longer one you can count on spotting.
The lesson is, if you're the least bit suspicious, don't take the bait. "I wouldn't give the IRS my email," Wisniewski said. "If your 'Spidey-sense' is tingling, just delete."
Jo-Stewart Rattray, the director of information systems security firm ISACA, advises going one step further.
"Pick up the phone and verify with the organization directly," she said. "Generally this is not the way that the IRS or banks choose to communicate with their taxpayers or customers ... The rule of thumb is, if it sounds too good to be true, it almost certainly is." @girs.com> @girs.com>
