Published 11/24/07 (Modified 3/8/11)
By MoneyBlueBook

The Internal Revenue Service is at it again - trying to steal our hard earned dollars. Just kidding. This time it's not really the IRS, but someone trying to masquerade as them. Recently I've been receiving spoofed emails from someone trying to impersonate the IRS to solicit confidential financial information from me. Screenshot of the Scammer's E-Mail Message - looks real doesn't it? But it's a fake.

Spoofing and Phishing

Spoofed e-mails are forged messages where the e-mail header is altered to appear to have come from someone else other than the true source. Many of these spoofed e-mails come from scammers who send these messages out on a massive scale to unwitting recipients to try to get people to respond to them. Spoofed emails are frequently disguised to be from places of authority such as government agencies or banks, usually asking for sensitive and confidential data such as name, login, password, credit card numbers, and social security information. This disguised request for sensitive data is known as phishing and is a frequently used tactic by scammers to fish for and steal confidential information. Be careful, once confidential financial data has been harvested, the stolen information is usually used for criminal purposes.

I've seen so many of these types of spoofed e-mails from scammers over the years, mostly disguised to be from well known banks like Wells Fargo, Citibank, Sun Trust, and other major online sites like PayPal, eBay, and now the Internal Revenue Service. Through the untrained eye, it might be easy to fall for these types of spoofed phishing attempts but if you know what to look out for, you'll be better prepared to distinguish faked messages from legitimate e-mails.

Things to Know and To Look Out For:

1. First of all, be aware that they exist and that more likely than not you will receive them at some point or another, particularly if you ever give out your e-mail address for any online service.
2. Keep in mind that most legitimate companies will rarely solicit confidential data from you directly. In fact, most banks and credit card companies routinely remind customers that they will never ask them to send personal or financial information by, or in response to, via a link in an e-mail.
3. Know the type of sensitive personal and financial information that scammers attempt to phish for - passwords, pins, credit card validation codes (the three digit number on the back of your card), debit or credit card numbers, bank account information, and social security numbers. Always safeguard this information closely.
4. When you do receive a seemingly legitimate email that asks for you to click on a link or if it asks for any personal information, ask yourself, was the e-mail solicited or not? If it was not requested by you, chances are it may be a spoofed email from a scammer.
5. Avoid clicking on links from unsolicited e-mails altogether. The safest and most trusted way to visit a website is to go directly there by typing it into your web browser and bookmarking it.
6. If you do want to click on a link contained in an email message, check out the link's website address (URL) before proceeding further. Does the revealed website address match the company's true domain name? In the case of the email that I received, the address was listed with the number zero for the letter "O" in "IRS.GOV", a red flag indicator that the e-mail was originating from a spoofed domain.
7. Scammers are lousy spellers as many of them are located in scam and fraud friendly countries such as Nigeria, Romania, and Indonesia. The scammers from these countries tend to have either horrendous English language skills or have a tendency to unnecessarily overuse big words in their writing. If there is even a single spelling or grammatical mistake, your antennae should go up immediately and put you on alert.