Press Releases

Browse our press release archive

04 Jul 2006

Bogus $63.80 IRS tax refund could put your finances at risk

Phishing email targets North American taxpayers

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a bogus email that tells taxpayers that they are eligible to receive a tax refund from the Internal Revenue Service (IRS).

The spammed email poses as a federal tax refund for $63.80, but has actually been designed by hackers to steal confidential information from individuals.

The emails, which have the subject line "IRS Notification - Please Read This", claim that IRS has determined that the recipient is eligible to receive a tax refund, and is invited to visit a website to submit their bank information to receive the money.

The phishing email invites taxpayers to visit a bogus website to collect a non-existent refund

The phishing email invites taxpayers to visit a bogus website to collect a non-existent refund.

However, the website is disguised to appear like the real IRS website, and is designed to steal the user's social security number and credit card details.

The bogus website is disguised to look like the real IRS website, but is designed to steal information

The bogus website is disguised to look like the real IRS website, but is designed to steal information.

"The criminals behind these emails are banking on people's desire to get money back off the taxman," said Graham Cluley, senior technology consultant for Sophos. "Taxpayers who visit the bogus website risk handing over their social security numbers and credit card details straight into the hands of hackers. The fact is that the IRS never uses email to tell taxpayers that they are eligible for a refund."

Following a spate of email phishing campaigns the IRS has published advice on its website for computer users on how to avoid phishing emails.

Earlier this year, Sophos revealed in a survey that 58% of people receive a phishing email every day, and the company recommends that computer users protect themselves with a consolidated solution which can defend against the threats of spam, spyware and viruses.

Organizations concerned about being fraudulently represented in phishing campaigns can sign up to the Sophos early warning system, Sophos PhishAlert.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.