Researchers Warn Of Coming Tax Scams

Phishing scams playing off the impending April 15 deadline for filing federal taxes are on the upswing, a security company said Monday, and more schemes are in the works.

San Diego-based Websense, Inc. said that its researchers have monitored a recent rise in the number of phishing attacks via fraudulent e-mails and Web sites that spoof the Internal Revenue Service (IRS). Several of the ongoing phishing campaigns link to compromised servers beyond U.S. borders, a finding acknowledged last week by the IRS when it issued yet another warning about bogus sites and messages masquerading as notices from the IRS.

Tax-related scams aren't unusual.

"Cyber thieves sit back and wait for current events such as tax season," said Dan Hubbard, senior director of Websense's security research, in a statement. "With tens of millions of online users filing their taxes on the Internet, many Web filers readily disclose personal identifiers such as network passwords, Social Security numbers, bank account numbers, or their mother's maiden name.

"The combination of having a large pool of potential users to target and the timeliness of the current event could lead to high numbers of both consumer and corporate victims," added Hubbard.Last week, the IRS reminded Americans that it doesn't request PIN numbers, passwords, or similar access information for their credit card or bank accounts. It also detailed several recent scams -- as many as 12 sites hosted in 11 different countries are involved -- and offered up tips on avoiding identity theft.

"There does seem to be a proliferation of them this filing season," Richard Morgante, commissioner of the IRS wage and investment division, told the Associated Press last week. "We have more thieves trying to take advantage of the filing season than we've seen in the past."

Although Websense noted that the spurious sites can closely resemble the real deal -- and often include "IRS/claimrefund/caseid" or "www.irs.gov" in the address of the bogus URL -- users can easily avoid the fraudsters by not clicking on links in suspicious e-mail messages, and instead typing "www.irs.gov" directly into their browser's address bar.

Users who receive phony e-mails claiming to be from the IRS should file a complaint with the Treasury Inspector General for Tax Administration, or call the agency's hotline of 800-366-4484.