After several notices this year, I finally received my first phishing attempt by folks masquerading as the IRS. Here is their note below:
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $2839,49. Please submit the tax refund request and allow us 3-9 days in order to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.To access your tax refund, please click here <link removed>
Best Regards,
Tax Refund Deparment
Internal Revenue Service
© Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.
TAX REFUND ID: IRS822513
Really, it’s not too terrible of an attempt apart from the spelling of “Deparment”, but there are two things wrong with it. First, the currency listed isn’t quite in the format used in the United States. We clearly don’t use commas to separate dollars from cents. Second, the link provided is nowhere near close to something the IRS would use. It links to some real estate search engine on a .net domain.
Upon closer inspection, this email originated from a hotel in the Florida Keys:
Received: from User ([64.115.223.202]) by WestinKeyWestResort.com with Microsoft SMTPSVC(6.0.3790.1830);
I bet they have an unsecured Wi-Fi network that opens up a slippery slope of nefarious activity.
Hopefully all advisers are taking steps necessary to educate clients about the dangers of email communication. The IRS website has very useful information on reporting phishing attempts and see samples of previous communications that try to obtain private information under false pretenses.