From the Kenosha News on 2-12-06

Learn to recognize scams and phishing attempts

Today, three colleagues forwarded to me the slickest e-mail phishing attempt I've seen. "Phishing" is an attempt to steal your identity or other valuable information by getting you to e-mail it or enter it in an on-line form. This latest message appears to come from the IRS, offering a way to track your tax refund on-line. It is a scam.

The message begins with the official IRS blue logo and then reads as follows:

"You filed your tax return and you're expecting a refund. You have just one question and you want the answer now - Where's My Refund?

Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you.

New program enhancements allow you to begin a refund trace online if you have not received your check within 28 days from the original IRS mailing date. Some of you will also be able to correct or change your mailing address within this application if your check was returned to us as undelivered by the U.S. Postal Service. "Where's My Refund?" will prompt you when these features are available for your situation.

To get to your refund status, you'll need to provide the following information as shown on your return:

  • Your first and last name
  • Your Social Security Number (or IRS Individual Taxpayer Identification Number)
  • Your Credit Card Information (for the successful complete of the process)

Okay now, Where's My Refund?

Note: If you have trouble while using this application, please check the Requirements to make sure you have the correct browser software for this application to function properly and check to make sure our system is available."

Here's how to tell that this is a scam:

  1. Float your mouse over the "Where's My Refund?" link. Normally, it should point to an address at irs.gov, but this link goes to "album.vamason.org/.www.irs.gov/" In many phishing attempts, the address begins with a number, like 222.120.34.16, which is harder for law enforcement to trace.
  2. Show the "complete headers" of the message. There's generally a button or icon in your e-mail program for this. Headers show the technical information about where the message is really from. While the message says it's from refund@irs.gov, the full headers reveal the return path as root@host115.ipowerweb.com – a strong indication this is a scam.
  3. Use common sense. The IRS or any other reputable establishment would NOT send you an e-mail with a link in it or request a credit card number in order to tell you where your refund is.

Actually, you really CAN track your refund on-line. Go to www.irs.gov and click on the Where's my refund? link. You'll see that the text on the screen is exactly the same as in the scam e-mail except that it doesn't ask for a credit card number or your name! And float your mouse over the link on the real IRS page and you'll see that it points to an irs.gov address – not the one in the scam e-mail.

These three tips for recognizing a scam apply equally to e-mail that you get claiming to be from Ebay, PayPal, your bank, or anyone else.

By Carol Sabbar from the Kenosha News on 2-12-06