The IRS issued a statement Wednesday warning consumers of the scam e-mail messages, which appears to come from firstname.lastname@example.org and contains a link to a phishing Web site that collects Social Security and credit card information. But one anti-virus software company claims a flaw in a U.S. government Web site may be helping the scammers.
The phishing e-mail claims that the IRS owes the recipient several hundred dollars and provides a Web page link to a page from which they can allegedly claim the tax refund, according to a statement from Sophos PLC, a U.K.-based anti-virus software company. Researchers at Sophos first spotted the IRS messages on Monday, said Graham Cluley, senior technology consultant at Sophos.
The tax collection agencys warning fails to mention that a page on another government Web site is used in the scam, he said.
The Web link points to a page on the govbenefits.gov Web site that bounces the user to the phishing site. The page was apparently designed to forward visitors to different parts of that Web site but doesnt limit forwarding to pages in the .gov domain, said Cluley.
GovBenefits.gov is a Web portal that pulls together information from 10 federal agencies, including the Departments of Labor, Agriculture, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, State, Veterans Affairs, and the Social Security Administration.
The IRS does not have any control over the govbenefits.gov Web site, and the agency is not aware of any problem with its Web site, said Eric Smith, an IRS spokesman.
The IRS issued the warning days after being informed of the scam and wanted to inform consumers that the agency does not ask for personal information in unsolicited e-mail messages, said Smith.
The problem with the govbenefits.gov Web site isnt serious and doesnt leak sensitive data about individuals. However, it does provide an easy way for scam artists to make their phishing attack more convincing, Cluley said.
The phishers even advise recipients to cut and paste the Web link into their Web browser rather than clicking on it, Sophos said.
The Web site flaw makes for a potent attack when coupled with a convincing phishing Web page and the "rabid excitement" of consumers who believe they are getting a windfall payment from the government, he said.
Consumers who received an e-mail regarding a refund should call the IRS and determine whether or not they were being contacted about a refund, the IRS said.