Today’s Scam of the day comes, as many others do, from my own email. It is a phishing email currently being sent to people purporting to be from the IRS that attempts to lure people who receive the email into clicking on links in the emails in order to update their income tax information. Unfortunately, when you click on the link one of two things will happen and both of them are bad. In some instances, you will be prompted to provide personal information that will be used to make you a victim of identity theft. In other instances, by clicking on the link, you will download keystroke logging malware that will steal information from your computer or other electronic device and use it to make you a victim of identity theft.
The first indication that this is a phishing email is that although it purports to have been sent by the IRS, the email address from which it was sent is not that of the IRS. Most likely the email address indicated is that of an innocent person whose email has been hacked into and taken over by an identity thief and made a part of a network of zombie computers used to send out such phishing emails. This network is called a botnet. In addition, the email asks you to validate your electronic filing status, which the IRS will never ask you to do. If you need to get an Electronic Filing PIN in order to file your tax return electronically with the IRS, you will need to go to http://www.irs.gov/Individuals/Electronic-Filing-PIN-Request where you will be prompted to provide information to verify your identity before receiving a PIN. In regard to the Form 1098 T that this phishing email describes, that is a form that educational institutions file with the government in regard to reimbursements or refunds of qualified tuition and related expenses. The IRS would not be providing that form to you.
The most important thing to remember is that the IRS will never initiate contact with you on any matter by an email or text message so whenever you get one that purports to be from the IRS, you should just delete it. If you have the slightest thought that any such communication is legitimate, you should merely contact the IRS directly to inquire about it.