Well, assuming you are a US taxpayer, and don’t expect to see the message in an email.
Tax day is past and now it is time for the fake IRS emails and scams. What of you didn’t pay enough taxes or are owed a refund? The IRS isn’t going to send you an email about that. If you look at http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=1, the IRS makes it very clear…
The IRS does not initiate taxpayer communications through e-mail.
* The IRS does not request detailed personal information through e-mail.
* The IRS does not send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
* Report suspicious e-mails and bogus IRS Web sites to firstname.lastname@example.org.
If you receive an e-mail from someone claiming to be the IRS or directing you to an IRS site,
* Do not reply.
* Do not open any attachments. Attachments may contain malicious code that will infect your computer.
* Do not click on any links. If you clicked on links in a suspicious e-mail or phishing Web site and entered confidential information, visit our Identity Theft page. http://www.irs.gov/privacy/article/0,,id=186436,00.html
* Use the following steps to report the e-mail or bogus Web site to the IRS.
There are sample phishing emails on the IRS web site and links to places to get more information, such as http://www.onguardonline.gov/default.aspx
For a list of the IRS’s “dirty dozen tax scams for 2010 check out http://www.irs.gov/newsroom/article/0,,id=220238,00.html.
Of all of the phishing scams, IRS scams are among the easiest to spot. The IRS is not going to send you an email.
For more information about avoiding all kinds of phishing scams, see my article on the San Diego Chamber of Commerce web site. It’s called “Anti-Phishing Made Easy”
Director of Technical Education
Author ESET Research, ESET