The Internal Revenue Service and its partners in the tax industry and state tax authorities issued a warning Monday about a wave of e-mails from cybercriminals purporting to come from “IRS Refunds.”
With tax season coming to a close next week, identity thieves are accelerating their efforts to steal identities and tax refunds. The “IRS Refunds” scam is one such tactic the IRS has been seeing used by cybercriminals to trick people into opening a link or attachment in the e-mail. The link takes unsuspecting victims to a bogus web page where cybercriminals try to steal personally identifiable information, including their Social Security number.
The links and attachments can also secretly download malware that can perform many functions, such as giving the thief control of the computer or tracking keystrokes to find other sensitive passwords or critical data.
The IRS noted that it doesn’t randomly contact taxpayers or tax professionals via email, including asking people to confirm their tax refund information. The IRS initiates most contacts through regular mail delivered by the United States Postal Service.
There are special circumstances, though, in which the IRS will telephone or visit a home or business, such as when a taxpayer has a tax bill overdue, to get a delinquent tax return or a employment tax payment, or to stop by a business as part of an audit or criminal investigation.
Even then, taxpayers usually receive several letters (called “notices”) beforehand from the IRS in the mail.
Earlier this tax season, the IRS also warned about another scam in which erroneous tax refunds were being deposited in taxpayers' accounts by cybercriminals also pretending to work for the IRS (see