A fake IRS email attempting to swindle people out of their tax refund has been making the rounds ahead of tax day.
Government officials said about 95 percent of emails on the Internet purporting to be from the IRS are fake, part of an annual attempt to catch unknowing people.
“Like the sun rises in east and sets in the west, every year, come April, phishers who specialize in tax fraud come out to try to get you,” says Patrick Peterson, CEO of security firm Agari.
The fake IRS email is made to look like an officials correspondence from the agency, but is really an attempt to get personal information out of people who respond. Experts said the cybercriminals responsible for the fake emails are experts in state and fedral tax laws and can create bogus tax forms that they ask people to fill out.
Once they have that information, the scammers can find out if a tax refund has been filed and modify where a refund should be sent.
Online security experts say the problem is confounded by the fact that the IRS hasn’t adopted a new technical standard known as DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance. This system standardizes how major companies send out emails and can block fake ones.
“Companies and organizations need to take a proactive approach to protect their consumers from phishing by implementing the DMARC standard,” Peterson said. “Until then, these types of attacks will continue to occur.”
The IRS has faced other problems online. As tax day approached, the agency’s Where’s My Refund IRS tool became overrun and had problems operating.
IRS spokesman Terry Lemons noted that the Where’s My Refund website and tool has been overwhelmed this 2013 year: “I think what we’re seeing is just part of the natural evolution in the refund process. Twenty-five years ago, you desperately checked the mailbox every day.”
IRS experts also warn people that if they get an email from the agency asking for information, it’s a fake and should be deleted.