As April 15 approaches, U.S. citizens preparing to file their taxes are susceptible to online scams designed to steal their personal information and, ultimately, their money. Here is a roundup of tips for how people can protect themselves.
First off, the Internal Revenue Service does not initiate taxpayer communications through e-mail, and the agency does not request details on personal information via e-mail. The IRS has detailed information on how to report and identify phishing and e-mail scams and bogus IRS Web sites here. More information about specific tax fraud schemes is here.
Microsoft's Security Tips & Talk blog recommends that people filing taxes online should learn to recognize the official IRS Web site. In addition, people should make sure that the Web address of the site they are filing on is secure and begins with "https," the secure version of the Hypertext Transfer Protocol, and that there is a locked padlock icon at the bottom of the screen, the blog post says.
Tax-related phishing attacks have been going on for a few weeks, at least, according to Proofpoint. One particularly pernicious one arrives in e-mail in-boxes with a subject line of "Notice of Underreported Income" and asks recipients to review their tax information with a link to a site that is represented as an IRS site. Instead, according to this Proofpoint blog item, the link leads to a fake IRS page with an executable that installs the data-stealing Zeus Trojan.
For more on this story, read Anti-fraud tips and tools for tax season on CNET News