It’s tax season in the United States and the April 15th filing deadline is approaching quickly. Every year around this time U.S. citizens stress about getting their finances in order and reported to the Internal Revenue Service in time to avoid penalties. Careful though, because that nervousness might just help a cyber criminal steal your identity. A fake IRS Tax Form (1042-W, which apparently doesn’t even exist) has been spammed out and is currently circulating on the Internet.
The e-mail arrives disguised as an official correspondence (irs@irs.gov) from a rep named Cindy at the Internal Revenue Service.
Two PDF attachments are included with the email, both of which were authored in Microsoft Word 2007.
The first document introduces the 1042-W form and reads:
Dear Sir/Madam,
Our record indicates that you have not submitted your form 1042-W. As a result, you are exempted from United States of America Tax reporting and withholdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.
Therefore, you are to authenticate the following by completing form 1042-W, and return to us as soon as possible through the fax number: +1-780-669-7364
The second PDF document is the form itself. It asks for the following:
- Name
- Date of Birth
- Nationality
- Place of Birth
- Address
- Passport Number
- Mothers Maiden Name
- Social Security Number
- Profession
- Bank Name/Account/Pin – Date bank account was opened and branch location
- Attached photocopy of passport
After completing the form, the instructions call for faxing it over to a phone number (+1-780-669-7364) located in Alberta, Canada.
Sending this form over to the criminals would most definitely result in a stolen identity. The IRS has stressed year after year that it does not make unsolicited requests via e-mail.   Here are some tips on how to spot an IRS scam and what to do if you receive one in your inbox:
How to Spot a Scam
Many e-mail scams are fairly sophisticated and hard to detect. However, there are signs to watch for, such as an e-mail that:
- Requests detailed or an unusual amount of personal and/or financial information, such as name, SSN, bank or credit card account numbers or security-related information, such as mother’s maiden name, either in the e-mail itself or on another site to which a link in the e-mail sends the recipient.
- Dangles bait to get the recipient to respond to the e-mail, such as mentioning a tax refund or offering to pay the recipient to participate in an IRS survey.
- Threatens a consequence for not responding to the e-mail, such as additional taxes or blocking access to the recipient’s funds.
- Gets the Internal Revenue Service or other federal agency names wrong.
- Uses incorrect grammar or odd phrasing (many of the e-mail scams originate overseas and are written by non-native English speakers).
- Uses a really long address in any link contained in the e-mail message or one that does not start with the actual IRS Web site address (www.irs.gov). To see the actual link address, or url, move the mouse over the link included in the text of the e-mail.
What to Do
The IRS does not initiate taxpayer contact via unsolicited e-mail or ask for personal identifying or financial information via e-mail. If you receive a suspicious e-mail claiming to come from the IRS, take the following steps:
- Do not open any attachments to the e-mail, in case they contain malicious code that will infect your computer.
- Do not click on any links, for the same reason. Also, be aware that the links often connect to a phony IRS Web site that appears authentic and then prompts the victim for personal identifiers, bank or credit card account numbers or PINs. The phony Web sites appear legitimate because the appearance and much of the content are directly copied from an actual page on the IRS Web site and then modified by the scammers for their own purposes.
- Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you.
- Forward the suspicious e-mail or url address to the IRS mailbox phishing@irs.gov, then delete the e-mail from your inbox.