The Internal Revenue Service (IRS) email scam is nothing new, having first become prevalent in 2005.
The basic function of the email is to try and trick the recipient into believing that they are due a refund of tax.
Typical IRS scam emails follow these basic steps –
- The victim receives an email that looks very official and appears to be from the Internal Revenue Service
- The email strongly suggests that the recipient is due a refund of tax
- The email looks quite genuine – it has a subject line of ‘IRS Tax Refund’ and the sender’s address has been spoofed to appear as firstname.lastname@example.org
- A hyperlink in the email points to a site where the victim is told that they have to fill out a form in order to proceed
If this hyperlink is followed then the target website offers up an official looking form to be filled in with personal details, such as name, address, social security number and credit card details.
The victim is then advised that it may be several weeks before they receive any confirmation of their tax refund. (This is to give the scammer time to get away with their money and their identity)
Obviously what is happening here is that the scammers are taking their victims to a fake site, from which they are extracting their personal financial details in order to steal both their money and their identity.
The best solution for this is to remember that the IRS would never initiate a refund through email.
Also, as ever, remember NEVER to click on links in emails.
If you believe the IRS owes you a tax refund then contact them by phone or type their website url directly into your browser.