A new type of phishing scam has been noticed last week, which offers a tax refund from the US IRS (Internal Revenue Service). the e-mail states that the IRS has been monitoring the receiver's financial activities, and that he is elligible for a refund, the amount of which is cleverly set at “$309.1” or some other uneven number so as not to seem fishy (phishy, in this case). There is a link in the email leading you to a website which says “Get Your Tax Refund!” (you can even imagine the enthusiastic voice, a la, “BUY ONE, GET ONE FREE”). The website is quite similar to a real IRS website, which instead asks a question “Where's my refund?”. Not unlike the legitimate website, the phishy one asks that you provide your social security number and filing status. It is, however, far more curious and also asks for your credit card information. This way, people wanting to receive the tax refund that they've earned, may instead lose some money as a fine for believing spam-mail.
The IRS has become a popular mask for fraudsters, who have been reported to be warning people that they are investigated for avoiding taxes (and asking for their credit card information afterwards) as well as other similar schemes. 240 different versions of IRS-mimicking phishing emails have occurred since last year.
It is quite simple to recognize these schemes, since the IRS has said on numerous occasions, that they never send unsolicited mail and even less frequently than 'never' do they ask for such personal information as PIN codes, passwords and other secret personal information.
The IRS encourages users to send phishing emails to their inbox firstname.lastname@example.org.