Phishing for your tax return

Phishing for your tax return

Summary: Tax season is right around the corner and the phishing attacks are ramping up faster than the auditors.For instance, this email landed in my inbox on Sunday.


Tax season is right around the corner and the phishing attacks are ramping up faster than the auditors.

For instance, this email landed in my inbox on Sunday.


While returns are nice I found it amazing that the IRS could figure out how much I should get before I even get my 1099s and W-2s. Amazing. The "click here" link sends me to:

Double bonus: A Russian site and some music along with my return. It's my (un)lucky day.

These attacks will probably be more successful (and credible) the closer we get to the April 15 deadline.

Also beware the fake IRS site. Trend Micro last week outed a few fake IRS web sites as a public service.

TrendLabs researchers have discovered a number of bogus Internal Revenue Service (IRS) Web sites containing links to a host of malicious .EXE files. These bogus Web sites try to appeal to the attention of business managers and accountants to click on the links supposedly pertaining to information on the latest updates on corporate tax laws.

Topics: Software Development, Banking, Browser, Government, Government US, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • May work on the clueless

    The IRS only comes looking for you if you owe them money, not the other way around. No way in hell would you ever get an email from the IRS claiming that they did a calculation for you and came up with a refund that you are entitled to simply by "clicking here."

    They have much more involved processes than that. Anyone who has ever filed a tax return knows that it is impossible to get a refund without filing one.

    Anyone who has dealt with the IRS knows two things: one, they are greedy and will not hunt you down to give you money, two, they are far too busy hunting down people who have been stiffing them to be calculating returns for you. Who would want them to anyway? You may as well tatoo "I'm a sucker" on your forehead so people will have ample warning when they see you coming.

    This scam should be painfully obvious...but some idiot somewhere will fall for it, I'm sure.

    For future reference, the IRS never sends out emails like that. They send out letters. Scary ones with complex calculations, large penalties and interest figures, and a threat to place a lien on your property and accounts, or ones that inform you that they have recalculated your previous tax return and you have made an error in their favor, when in acuality, some lackey can't tell the difference between 950.10 and 95010 on a 1099 (about a $40,000 difference in tax, btw...boy oh, did that client panic at first!).

    Anytime a communication from the IRS is received, regardless of whether it is electronic, paper-based, or telephonic, you should contact your CPA right away. If you don't have a CPA, and would have fallen for this scam, then you don't have enough knowledge regarding the proper processes for dealing with the IRS to prepare your own return and you will regret that down the line.
    • There's always an exception.

      When I was still in school and made about $5K one year, I filed my taxes and got a letter and a check from the IRS saying that I had over calculated the amount of taxes I owed. They said they had corrected it and sent me a check for the difference. I suppose I triggered an audit by my low stated income. That sure backfired on them.
      • Yes, but

        Audits are a different story. You can't get one without filing a return first. Your low income was a red flag, and they examined it as a result. If they had found it to be unsupported, you would have been visited by an agent.

        The above scenario just doesn't happen. The IRS mantra - if they owe and don't file, it's tax evasion and we will hunt them down, take everything they own, and toss them in the clink...if they are due a refund and don't file, oh well, it's their loss, they've got 7 years to claim it or it expires.
  • 2-6 business days. dead giveaway

    that it's not the IRS. They need to change it to state 6-8 weeks.
    • That was my first thought as well. (nt)

    • RE: 2-6 business days?????

      Quote: [i]that it's not the IRS. They need to change it to state 6-8 weeks.[/i]

      Should that [b]not[/b] be: [i]"that it's not the IRS. They need to change it to state 6-8 [b]years.[/b]"[/i]

  • The comma should be a warning!

    I guess the gullible probably aren't educated enough to realize this e-mail uses the European style of a comma between the dollars and cents ($270,25) vs the US style of a decimal point ($270.25).
  • This is new?

    I've been getting these for months already.
  • RE: Phishing for your tax return

    Nothing new. They have been using this for awhile. Banks, other financial and government website logos and legitimate looking information so they get those that don't look at the link to where it goes to. Most interesting that IRS never contacts you via email for any matter since IRS uses US Postal Service first and then home phone to contact you. Email is extremely rarely used unless you request it.