Sample IRS Phishing E-Mail
Sample IRS Phishing E-Mail
In 1990, Garth Brooks sang about his “friends in low places.”

Sorry Garth, I can’t relate.

Thanks to the magic of e-mail, I’ve discovered that I have quite a few friends in really high places.

There’s Dr. Mohamed Achour, the Nigerian Prince who values my friendship so much that he wants to wire me $4.5 million – no questions asked.

And let us not forget Mr. Mohammed Omar, Secretary to the Manager of the Foreign Remittance Department of an unspecified bank in Senegal. Mr. Omar wants my help in smuggling $20 million out of his country and into the safe haven that is the U.S. Banking System (does he not watch the news?).

Although their BLATANT MISUSE OF THE CAPS LOCK KEY and butchered English can get annoying, my foreign friends really don’t ask for much. Just a return e-mail. And a bank account number.

If you have an e-mail account, I’m guessing you have run into some of these characters too.

Now that everyone has caught onto the “strange guy needs to move money out of the country” scam, fraudsters are turning to more sophisticated methods in their never-ending attempt to pry sensitive data like social security numbers and banking information from unsuspecting computer users.

One particularly effective method is the “phishing” e-mail. These messages, which look like legitimate communications from actual companies, harvest personal information in a couple of ways. A typical phishing e-mail will contain a link along with a message asking the recipient to update their account information. Once the link is clicked, the user is redirected to a site where they are instructed to put in their personal data, which then goes directly to the scammers. A second variation installs spyware and other malicious software onto the user’s computer if they click the links contained in the message.

For spammers, the success of any phishing e-mail is predicated on fear. If a recipient is scared into believing that a problem really does exist, they will be more likely to follow the dangerous links.

That’s why the latest phishing e-mail, a spoof of an IRS notice of underreported income, could turn out to be a big headache for a lot of people.

The fake IRS e-mail arrives in inboxes with the subject of “Notice of Underreported Income.” The sender name shows up as “Internal Revenue Service.”

Those two items are enough to give some people a heart-attack before they even open the e-mail.

Once opened, the e-mail instructs recipients to review their tax statement by clicking on a link supplied in the message. At that point, if you’re panicked enough to click the link, they’ve got you.

Thankfully, there are a few simple steps you can follow to avoid becoming a victim of phishing e-mails, like the IRS Notice of Underreported Income.

Never Divulge Personal Information Via E-Mail

No legitimate company or governmental entity is going to request detailed personal financial information from you via e-mail. Ever. As such, you should never give up this information just because an e-mail asks you to. If you ever have any doubt about the status of your account due to an e-mail you’ve received, pick up the phone and call the company directly or visit the company’s website (but not through the suspected e-mail). Most corporate sites have pages warning their customers of the various phishing scams that are circulating.

Keep Your Internet Browser and Virus Software Updated

The latest versions of Microsoft Internet Explorer (7.0 and up) and Firefox (3.0) contain anti-phishing toolbars that can protect you from fraudsters. These browsers cross-check the sites you are visiting or the links you are clicking against a database of known phishing sites. Should you venture down an unsafe path, you’ll get a friendly warning.

Help Cut the Phishing Line

You can help stop the scammers by sending the phishing e-mails you receive to federal authorities, who will then use the information to track down criminals. and are two e-mail addresses that accept your forwarded phishing e-mails. When forwarding the e-mails, always send the entire original message and leave the subject line intact.

By following these guidelines, and exercising a little common sense, you should be able to avoid falling victim to internet phishing scammers – at least until they come up with something else. Which, you can be sure will happen sooner or later.