Security software vendor SonicWall delivered some predictable bad news to Internet users and procrastinating income tax filers this week, warning that a new crop of sophisticated phishing attacks are using the upcoming IRS tax filing deadline as a lure to extract people's most sensitive personal and banking information.
SonicWall officials said the new scam comes in the form of an unsolicited e-mail with a subject suggesting that IRS tax refunds are now available for those who click on the accompanying link and follow the missive's directions.
Those who succumb to the appeal of a quick or perhaps undeserved income tax refund are then prompted to provide bank card and identity information including Social Security numbers so the promised refund can be deposited into their accounts.
"As we've seen in the past, the weeks before April 15 are the most likely for taxpayers to see a rise in tax-related phishing emails," Leon Hilton, SonicWall's e-mail security expert, said in a statement.
"We predict that more than 100 million IRS related phishing emails will be sent to taxpayers in the days leading up to and after the April 15 tax filing deadline," he added.
IRS-related scams are nothing new.
Last fall, a new Cutwail botnet spam campaign was sending out more than 90,000 illicit messages an hour under the guise of being a direct communication from the IRS.
Once installed, the malware attempted to trick people into believing the IRS was following up on misreported data on their personal income tax returns and offered an opportunity to correct the errors.
Of course, the ruse was designed to collect users' names, bank account information and Social Security numbers to perpetrate identity theft.
The IRS has set up an educational Web site that offers information for tax filers who have questions about the rogue e-mails (the IRS does not use e-mail to contact filers for any purpose), and lists the various identity phishing scams and bogus IRS Web sites it has uncovered from its own investigations.
SonicWall security experts advise filers using online tax preparation or filing services to avoid clicking on any links included in unsolicited e-mails or even those that appear to be from legitimate service providers and log onto those sites directly before submitting any personal data.