Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service. Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.
A new phishing campaign that began sometime in the last 24 hours is made to look like it was sent from email@example.com, and urges recipients to fill out, print, and fax an attached PDF tax form. From the scam email:
*This is in reference to your 2010 U.S. Individual Income Tax Return we seem to have some discrepancies with your filing. If you have already filed for your 2010 tax refund please get hold of a new form 1040 and
mail it to the Department of the Treasury in your region.*
*If for any reason you have not yet filed for your 2010 Individual
Income Tax Return please print out the attached PDF form, fill it and
fax it to the IRS data center on (866) 513-7982 within 24 hours.*
*This has no bearing on your 2010 U.S. Individual Income Tax Return,
this to update our data and survey while we prepare to close the 2010
tax filing season.*
*Thank you *
That 866- phone number is currently returning a fast-busy signal, which suggests either that a lot of people are falling for this scam, or that anti-scammers are speed-dialing the number in a bid to prevent would-be victims from faxing in their forms. My guess is that this scam is tied to some kind of automated service that scans faxes and then emails the phishers copies of the scanned images.
It’s worth noting that the data requested in this bogus IRS form includes the Social Security number, e-File PIN and adjusted gross income, all of which are crucial pieces of information that the IRS uses to authenticate taxpayers.
The IRS has been careful to note that while it may conduct follow-up correspondence with taxpayers via email if the taxpayer chooses to communicate that way, it will never reach out to taxpayers via email. Consumers can report any tax-related phishing scams to firstname.lastname@example.org.