IRS Notification: Notice of Underreported Income

Phishing bait: Notice from the IRS indicating the recipient has unreported or underreported income.

Example:   [Collected via e-mail, September 2009]

Origins: Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:

• Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people's attention.
• Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
• Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed refunds or payments awaiting them seems plausible.

A September 2009 mass e-mailing took advantage of those points, spamming Internet users with phony notices

that warned recipients they might be targets of IRS fraud investigations due to having unreported or underreported income and invited them to click on a link to "review" their "tax statements" on the IRS web site. (The provided link led to an .EXE file that was likely a carrier of some form of malware.)

The IRS never sends out unsolicited e-mails to taxpayers. When the IRS needs to contact a taxpayer, it sends notice via U.S. Mail, and every such notice includes a telephone number that the recipient can call for confirmation. Should you need to visit the IRS web site for any reason, go there directly (by entering the www.irs.gov URL into your web browser) rather than following links in e-mail messages.

The IRS says about such e-mails that:

The IRS site contains information about how to report phishing e-mails purporting to originate with the IRS.

Last updated:   9 September 2009