An annual ritual in the United States is the payment of income tax to the Federal and State governments. As a predictable, yearly occurrence where a large number of people are preparing to pay large sums of money and entering their personal information into forms, the taxpaying season has naturally attracted its share of phishing scams.

"Phishing" is the practise of sending an email to a person purporting to be from a person in a position of trust, requesting the person to either reply with personal information or visit a website which will collect personal information. The information requested may be simply name, address, social security number and date of birth; possibly, the phisher may attempt to coerce the victim into revealing credit card numbers and expiration dates. The person coordinating the scam will then use the information collected in order to steal the identity of the victim.

Usually, even though the website and the email may look professional and legitimate, there are a number of signs that will give away the operation as a scam.

First, the IRS will never contact anyone by an unsolicited email: all official correspondence from the IRS arrives via the US Postal Service. In addition, the IRS will never ask for credit card numbers or other personal information via email.

Second, the only official website for the IRS is at http://irs.gov; if the email provides any other address, then it is a scam. Be aware that a hyperlink in an email may connect to some other location than it appears to connect to: hover your mouse pointer over the link, and you will be able to see the real address either in a statusbar at the bottom of your email client or in a 'tooltip' that will pop up after a few seconds.

Third, the spelling and grammar in the email may be unusual. Many phishing schemes are run from overseas, where it is unlikely that the phisher will be caught or prosecuted for their crime. As a result, the phisher's first language may not be English, and they may show this in their writing.

Finally, the email may not "feel" right. It may be unexpected, or there may be something odd about the language or the layout.

In all cases where you suspect that you have received a phishing email about the IRS, forward the email to phishing@irs.gov; the IRS has set up this address specifically for the purpose of tracking these scams. If you have not already done so, avoid visiting any websites linked in the email; they may contain programs that may attempt to gain access to your computer and install a virus or a trojan.

Above all, use your own common sense: if it seems too good to be true, then it probably is.

Learn more about this author, Munin.
Click here to send author comments or questions.

---

Add your voice

Know something about Internal Revenue Forms used for phishing trips?
We want to hear your view. Write now!