IRS warns of new e-mail scam

Computerworld - The Internal Revenue Service (IRS) is warning taxpayers of an e-mail scam that uses the U.S. Department of the Treasury's Electronic Federal Tax Payment System (EFTPS) to lure them into disclosing personal information.

The IRS said the e-mail scam is the first to target the EFTPS, which allows businesses and individuals to pay their federal taxes online or via telephone.

The fake e-mail, which contains numerous grammatical and typographical errors, looks like a page from the IRS Web site and claims to be from the "IRS Antifraud Comission" (sic), a fictitious group. The e-mail claims that someone has enrolled the taxpayer's credit card in EFTPS and has tried to pay taxes with it. It also says that there has been fraudulent activity involving the taxpayer's bank account. In addition, the e-mail says money was lost and "remaining founds" (sic) are blocked.

Recipients are asked to click on a link that purports to help them recover their money, but the link takes them to a fake IRS site where they are asked to divulge personal information -- data that the scammers could use to steal the taxpayer's identity, the IRS said.

The IRS said it never asks people for personal identification numbers, passwords or similar secret access information associated with their credit cards, banks or other financial accounts.

The IRS said it has seen a recent increase in such scams. Since November, 104 different scams have been identified -- 22 of them in June alone -- the most since 40 were identified in March, at the height of the tax filing season. More than 8,000 bogus e-mails have been forwarded to the IRS to date -- including nearly 1,300 that were forwarded last month, the IRS said.

Investigations by the Treasury inspector general for tax administration have identified sites hosting more than two-dozen IRS-related phishing scams in a number of countries, including Argentina, Aruba, Australia, Austria, Canada, Chile, China, England, Germany, Indonesia, Italy, Japan, Korea, Malaysia, Mexico, Poland, Singapore and Slovakia, as well as in the U.S.

Other IRS-related scams tell recipients that they are due a federal tax refund and direct them to a Web site that appears to be a real IRS site. These bogus sites contain forms or interactive Web pages similar to IRS forms or Web pages, but which have been modified to request detailed personal and financial information from the e-mail recipients -- information that goes directly to the cyberthieves.

"The IRS does not send out unsolicited e-mails asking for personal information," said IRS Commissioner Mark Everson in a statement. "Don't be taken in by these criminals."

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.