Phishing bait: Notice from the IRS indicating the recipient has unreported or underreported income.
Example: [Collected via e-mail, September 2009]
Subject: Notice of Underreported Income
From: no-reply@irs.gov
Taxpayer ID: smith-00000174073547US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website
(click on the link below):
review tax statement for taxpayer id: smith-00000174073547US
Internal Revenue Service
Origins: Notices purporting to come from the Internal Revenue Service (IRS) make good phishing bait for a number of reasons:
- Notices from institutions of the federal government (especially an agency with the ominous reputation of the IRS) grab people's attention.
- Unlike other phishing schemes that emulate mailings from various private financial institutions (e.g., Bank of America) and are therefore easily recognized as phony by many recipients (because they do no business with those companies), a forged IRS notice has the potential to take in a much larger pool of victims, as most adult U.S. residents have dealings with that agency.
- Many people find the federal income tax filing process complicated and confusing, so the idea that they might have unclaimed refunds or payments awaiting them seems plausible.
A September 2009 mass
that warned recipients they might be targets of IRS fraud investigations due to having unreported or underreported income and invited them to click on a link to "review" their "tax statements" on the IRS web site. (The provided link led to an .EXE file that was likely a carrier of some form of malware.)
The IRS never sends out unsolicited
The IRS says about such
Do not open any attachments to questionable
The IRS does not initiate taxpayer communications through
The IRS site contains information about how to report phishing
Last updated: 9 September 2009