It's tax season, and that means IRS-related phishing scams are ramping up.
One such fake e-mail hitting in-boxes this past week asks "U.S.-based employers" to complete an "updated" version of the government's W-2 form because of "important changes" within the forms. The updated form is conveniently attached to the e-mail.
The first red flag is that it pretends to be an e-mail from the IRS, said Internal Revenue Service spokesman David Stewart.
The IRS does not contact people via e-mail or request bank-account, financial or other personal information online, he said.
People who recognize the e-mail as a phishing scheme don't fill out the form divulging any personal information. But even clicking on the attachment could download malicious software designed to search a computer for bank-account numbers, credit-card numbers, passwords and PINs.
Although the public has become more savvy about e-mail scams, "people still fall for this stuff," Stewart said.
One reason is that the come-ons have become more sophisticated. They may use real IRS forms, telephone numbers and Web-site addresses to try to trick people into thinking the e-mail is legitimate.
"In the old days, you could spot (a phishing scheme) right away," Stewart said. The e-mails typically contained lots of typos, for instance, he said. "Today, they look more slick and lift graphics right off our Web site."
The W-2 e-mail isn't particularly sophisticated, but it does use legitimate IRS phone numbers and Web-site addresses.
People who suspect they've received a scam e-mail should not open it or click on any attachments or links, even if the addresses look legitimate.
Forward any suspicious IRS-related e-mails to phishing(at)irs.gov. The agency can trace the e-mail to the Internet server that sent it.
"A lot of these servers are offshore," Stewart said. "We've had great success working with other countries getting to that server and shutting it down."
Must credit Pittsburgh Post-Gazette