Increases in IRS Fraud

Date:02.24.2006

Threat Type: Phishing Alert

This is an update on the alert posted in December http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=372 about Internal Revenue Service fraud emails and websites.

Websense® Security Labs™ is seeing an increase in Phishing and Fraud emails and websites that are spoofing the IRS.  Their intent is to dupe users into divulging confidential information. Users receive one of a variety of messages. The most popular is one that claims that the taxpayer is eligible for a refund and needs to log on to a website to verify information. Upon accessing the spoofed URL, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers.

Many of the sites have similiar characteristics in their URL paths and include /IRS/claimrefund/caseid or /.www.irs.gov in the path.

Mail message body example:

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

< URL REMOVED >

Regards,
Internal Revenue Service

HTML Email screenshot:

Website Screenshot: