Monday, February 04, 2008

"IRS" Phishing Scam

Running through my SpamTrap, I noticed a couple of messages from the "Internal Revenue Service". It seems they owe me money and want me to update my information.

Here's the text of the shorter of the two:
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $188.40. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here :


Internal Revenue Service U.S.A.
© Copyright 2007, Internal Revenue Service U.S.A.

(I've purposely munged up the http link so you won't accidentally click through if you've got "linkify" turned on in FireFox). Another similar message was in full (horribly formatted) HTML complete with signature. That one only offered a refund of $152.80, though.

Folks, the IRS will not send you an email like this. They have other ways to notify you. They will NEVER use a web server address in Pakistan, either (that's what the .pk means in the static host address above. As phishing scams go, this one's pretty lame. But lame or not, there are probably tens of thousands of people who will fall for it, giving out their bank accounts and God knows what else.

Beyond the fact that it's personally destructive to give away your identity, consider who you may be giving it TO. Al Qaeda operates in Pakistan. They'd love to have your money: and further, they'd love to have your identity to use on passports, airline tickets, credit receipts, etc.

Be careful and NEVER link to any financial source directly from an email. If you think the message may be legit, then visit the known valid website or call the published number instead.


Post a Comment

<< Home