The Internal Revenue Service (IRS) has issued an alert warning about a phishing scam targeting university students. A link in the emails leads to a phishing site that asks users to enter their Social Security number, name, date of birth, prior year Annual Gross Income, driver's license number, address, and electronic filing PIN.
“The Internal Revenue Service today warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ‘.edu’ email addresses,” the alert states. “The IRS' firstname.lastname@example.org has received complaints about the impersonation scam in recent weeks from people with email addresses ending in ‘.edu.’ The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions. Taxpayers who believe they have a pending refund can easily check on its status at Where's My Refund? on IRS.gov. The suspect emails display the IRS logo and use various subject lines such as ‘Tax Refund Payment’ or ‘Recalculation of your tax refund payment.’ It asks people to click a link and submit a form to claim their refund.”
The IRS says recipients of the email can report the scam to the IRS without clicking on the link.
“People who receive this scam email should not click on the link in the email, but they can report it to the IRS,” the alert says. “For security reasons, save the email using "save as" and then send that attachment to email@example.com or forward the email as an attachment to firstname.lastname@example.org. The Treasury Inspector General for Tax Administration (TIGTA) and IRS Criminal Investigation have been notified.”
The IRS also recommends mitigations for people who may have fallen for the scam.
“Taxpayers who believe they may have provided identity thieves with this information should consider immediately obtaining an Identity Protection PIN,” the IRS says. “This is a voluntary opt-in program. An IP PIN is a six-digit number that helps prevent identity thieves from filing fraudulent tax returns in the victim's name. Taxpayers who attempt to e-file their tax return and find it rejected because a return with their SSN already has been filed should file a Form 14039, Identity Theft Affidavit PDF, to report themselves as a possible identity theft victim. See Identity Theft Central to learn about the signs of identity theft and actions to take.”
New-school security awareness training can help your employees recognize phishing and other social engineering tactics.
The IRS has the story.