• United States

IRS, security vendors warn of tax phishers

Mar 20, 20063 mins

Identity thieves sending out fake IRS e-mails asking for sensitive financial information.

U.S. taxpayers aren’t the only ones busy as the April 15 tax filing deadline approaches. Identity thieves posing as the Internal Revenue Service (IRS) have also been active, sending out hundreds of thousands of phony “phishing” e-mail messages, according to the IRS and security vendors Symantec and Websense.

The IRS began warning of the scams late last year when it spotted the first such fraudulent e-mail messages, which claim to come from e-mail addresses such as or The messages send users to a clone of the IRS Web site where they’re asked for sensitive financial information.

“We’ve seen a real uptick in the number of e-mail-type scams,” said Nancy Mathis, an IRS spokeswoman. “In late January and early February, there was an explosion of these things.”

The tax agency has been increasingly focused on the phishing threat. Last Friday it issued an updated phishing warning, which is now linked on the front page of its Web site. Phishing has now been added to the agency’s annual “Dirty Dozen” compilation of tax scams.

In the past, criminals have used the telephone or appeared in person to trick taxpayers into revealing financial information, but phishing creates new opportunities, Mathis said.

“The Internet really gives these phishing thieves an incredible reach,” she said. “They are able to run the scam from foreign countries, which makes it more difficult for the Treasury Inspector General to close them down.”

Although IRS phishing scams are increasing, they aren’t as widespread as the the use of sites such as, said David Cowings, senior business intelligence manager with Symantec. “They’re currently not in the top 10,” he said. “They’d probably be in the top 100; I wouldn’t put them any higher than that.”

Websense believes that the IRS attacks are run by “the same person or group of people,” who are using more than 60 hacked Web sites, all located outside of the U.S., said Dan Hubbard, the company’s senior director of security and research.

The IRS has confirmed that 12 Web sites in 18 different countries have hosted variations of this scam.

Websense has also found fraudsters sending fake e-mail messages that claim to be from Brazil’s Receita tax collection agency. Those messages, which appear to be from a different group than the IRS scams, tells users that they must click on a special Web link in order to complete their tax returns. By clicking on that link, the victim can inadvertently install key-logging software, Websense said. (Websense’s alert is available here.)

The bottom line is that unsolicited e-mail that claims to be from the IRS is fake, the IRS’s Mathis said. “We may send a letter, we may call you, but we will not contact you via e-mail,” she said.

Taxpayers wondering about the legitimacy of any communications are encouraged to call the agency’s toll-free number: 1-800-829-1040.

The IRS phishing warning can be found here.

The 2006 IRS Dirty Dozen tax scam list can be found here.