DETROIT – As the April 15 income tax filing deadline fast approaches, cyber criminals have launched a barrage of phishing attacks purporting to be refund notices from the Internal Revenue Service.
The e-mail attacks claim that the recipient is entitled to a tax refund and prompts the recipient to click a link in the e-mail that directs them to a fraudulent IRS Website. They are then prompted to enter personal information such as social security and credit card numbers. Victims of these phishing attacks are often subject to fraudulent credit card charges and identity theft.
A common tax refund phishing e-mail may look similar to this:
From: [email protected]
Subject: Refund Notice!
You filed your tax return and you?re expecting a refund. You have just one question and you want the answer now, where?s my refund? Access this secure web site to find out if the IRS received your return and whether your refund was processed and sent to you.
New program enhancements allow you to begin a refund trace online if you have not received your check within 28 days from the original IRS mailing date.
?The IRS never sends unsolicited e-mails asking for personal identifying or financial information,? said IRS spokesperson Jesse Weller. ?It will, however, reply to specific inquiries.? The IRS has issued a consumer alert regarding tax refund phishing scams, and warns consumers not to open attachments in suspicious e-mails that could possibly contain malicious information-gathering code.
?We can predict future phishing scams with a high degree of accuracy,? said Ted Green, CEO of SpamStopsHere. ?Natural disasters and current events such as tax season are good catalysts and indicators of future phishing scams. Opportunistic cyber criminals are always on the lookout for the next subject of their next phishing attack campaign. Hurricane Katrina is a great example; we witnessed an incredible influx of hurricane relief phishing attacks only a day or two after it made landfall.?
SpamStopsHere.com recommends the following guidelines when confronted with a suspected phishing attack:
1. Assume any e-mail that asks you to log into your bank, credit union, PayPal, eBay or other personal account is a phishing scam.
2. Never click on links within a suspected phishing e-mail.
3. If a link is clicked, never enter banking information, social security numbers or other sensitive information.
4. Never enter your computer user name or password into an e-mail that requests it, even if it claims to be from your IT manager or other co-worker. It is easy for a spammer to forge the sender’s name.
5. If you are unsure as to the legitimacy of a particular e-mail, open an Internet browser and manually type in the URL of the institution in question, e.g. “www.irs.gov”. Do not use the URL in the e-mail as a reference, as it may be a forgery.
This article was submitted to the Detroit Regional Chamber’s Tips4Biz by Greenview Data Inc. in Ann Arbor.
