Don’t get taken in by tax-time phishing via phony IRS e-mails


There’s a group of thieves who are scheming about how to get your personal financial data this tax season and make no mistake about it – they’re good at what they do. Consumer Report’s Money Blog offers this advice: as you plan for tax season: Don’t become a tax-time phishing victim. No matter how authentic an e-mail from the Internal Revenue Service may look, the IRS doesn’t initiate taxpayer communications through email.
Know what you’re up against – educate yourself about phishing
According to Wikipedia, phishing is:

“…the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake.”

Some of the best consumer advice and resources can be found at the Anti-Phishing Working Group’s (APWG) site. The following tips are excerpted from their consumer guide on how to avoid phishing scams:

  • Be suspicious of any email with urgent requests for personal financial information
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic – call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information – you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites
  • Regularly log into your online accounts to ensure that all transactions are legitimate
  • Ensure that your browser is up to date and security patches applied
  • Always report “phishing” or “spoofed” e-mails to the following groups: forward the email to reportphishing@antiphishing.org; forward the email to the Federal Trade Commission at spam@uce.gov; when forwarding spoofed messages, always include the entire original email with its original header information intact

Additional resources
FBI’s New E-Scams & Warnings
How to spot a fake website and not get phished
Stop. Think. Connect.