Tuesday, June 23, 2009

Phishing Bait: Refund Email from the IRS?

Has this, or something like it, popped up in your email inbox?

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $749.80

Please submit the tax refund request and allow us 3-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicted.

Internal Revenue Service

© Copyright 2009 , Internal Revenue Service U.S.A. All rights reserved.

~ ~ ~ ~ ~

Looks good, doesn't it? Heck, I could use $750 right about now. Being unemployed, that would pay the bills - rent, electricity, etc, for a month! So you can believe me when I say that this email looked very tempting to me.


But Mom didn't raise many fools. I went right to Snopes and checked this out. I figured somebody - or a lot of somebodys - would have looked into this for legitimacy before me. And guess what? They did!

In part, here's what Snopes says about this lovely email:
Phishing bait:   Notice from the IRS indicating the recipient is eligible for a tax refund or stimulus payment.


Origins:   Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:[...]

The IRSs says about such e-mails that:

The IRS does not initiate taxpayer communications through e-mail. In addition, the IRS does not request detailed personal information through e-mail or ask taxpayers for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Do not open any attachments to questionable e-mails, which may contain malicious code that will infect your computer. Please be advised that the IRS does not initiate contact with taxpayers via e-mails.

Hey, don't listen to me, just head to the Snopes article, read it, then wait for that phishing email to arrive!

After that do what I did. Forward the email to the IRS. What it's about and how to handle it is explained at the IRS page here.

The IRS explains:
How to report phishing, e-mail scams and bogus IRS Web sites
If you receive an e-mail or find a Web site you think is pretending to be the IRS,

  • Forward the e-mail or Web site URL to the IRS at phishing@irs.gov.

  • You can forward the message as received or provide the Internet header of the e-mail. The Internet header has additional information to help us locate the sender.

  • After you forward the e-mail or header information to us, delete the message.

TImes are hard, and this is just another scam that will suck in the gullible or the desperate. Don't fall for it, okay? Check it out at Snopes, then send it on to the IRS.

Phishing is a crime. Let's nail the phishers!