IRS, Security Company Warn of Tax Phishers

U.S. taxpayers aren't the only ones busy as the April 15 tax filing deadline approaches. Identity thieves posing as the U.S. Internal Revenue Service (IRS) have also been active, sending out hundreds of thousands of phony phishing e-mail messages, according to the IRS and security vendors Symantec and Websense.

The IRS began warning of the scams late last year when it spotted the first such fraudulent e-mail messages, which claim to come from e-mail addresses such as or The messages send users to a clone of the IRS Web site where they're asked for sensitive financial information.

"We've seen a real uptick in the number of e-mail-type scams," says Nancy Mathis, an IRS spokesperson. "In late January and early February, there was an explosion of these things."

The tax agency has been increasingly focused on the phishing threat. Last Friday it issued an updated phishing warning, which is now linked on the front page of its Web site. Phishing has now been added to the agency's annual "Dirty Dozen" compilation of tax scams.

In the past, criminals have used the telephone or appeared in person to trick taxpayers into revealing financial information, but phishing creates new opportunities, Mathis says.

"The Internet really gives these phishing thieves an incredible reach," she says. "They are able to run the scam from foreign countries, which makes it more difficult for the Treasury Inspector General to close them down."

On the Increase

Although IRS phishing scams are increasing, they aren't as widespread as the the use of sites such as, says David Cowings, senior business intelligence manager with Symantec. "They're currently not in the top 10," he says. "They'd probably be in the top 100; I wouldn't put them any higher than that."

Websense believes that the IRS attacks are run by "the same person or group of people," who are using more than 60 hacked Web sites, all located outside of the U.S., says Dan Hubbard, the company's senior director of security and research.

The IRS has confirmed that 12 Web sites in 18 different countries have hosted variations of this scam.

Websense has also found fraudsters sending fake e-mail messages that claim to be from Brazil's Receita tax collection agency. Those messages, which appear to be from a different group than the IRS scams, tells users that they must click on a special Web link in order to complete their tax returns. By clicking on that link, the victim can inadvertently install key-logging software, Websense said. Websense has posted an alert online.

The bottom line is that unsolicited e-mail that claims to be from the IRS is fake, the IRS's Mathis says. "We may send a letter, we may call you, but we will not contact you via e-mail," she says.

Taxpayers wondering about the legitimacy of any communications are encouraged to call the agency's toll-free number: (800) 829-1040.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon