It’s tax time, and prime time for fraud.

Despite warnings, citizens are still falling for bogus tax refund scams. The most recent scam involves hackers posing as government tax office officials. Filers were sent phishing e-mails promising refunds, roughly in the amount of $710.00. All they needed to do was provide is a valid credit card to refund the money to! 

That’s a tempting chunk of change for most, and an offer many find too difficult to pass up. Refund scams, especially those e-mails claiming to be from an “official” entity have been wildly popular among hackers for one simple reason–they work. Although this phishing scam was discovered in the UK, it continues to happen in the U.S. Phishing e-mails claiming to be from the IRS have supplied significant hacker bait. There’s no shortage of warnings on the IRS website about tax-related phishing scams, especially those using e-mail and telephone.

Although it was clearly amateur hour for the UK hackers–the e-mail subject lines were formatted poorly, and the sender’s address had nothing to do with the government – it shows just how easily human nature is tempted. After all, nobody’s perfect, and who wouldn’t want a tax refund they didn’t expect? The hackers’ first tactic was placing a sense of urgency on the refunds, saying they would expire on the same day the phishing e-mail was received. Those who took the bait were redirected to fake web pages. The first looked like a Microsoft Outlook page, requiring login credentials, including passwords. Once that was stolen, a new page popped up with only boxes to provide some very sensitive information–full credit card details including the security code, date of birth, mother’s maiden name, and more. Quite simply, everything necessary to steal your credentials and money.

It may be difficult to believe someone would fall for such a poorly constructed scam, but the list of e-mail phishing victims continues to grow. In the U.S. as well as the UK, vigilance toward these scams is always needed, and there are some basics to remember should you receive an e-mail promising something too good to be true.

First and foremost, if an offer sounds too good to be true, assume it is. Hackers preying on emotions have no shortage of success. Remember, as far as taxes are concerned in the U.S., the IRS never initiates contact by e-mail or phone. 

The U.S. mail is the only way you will know the sender is legitimate. 

As this UK tax scam proved, paying attention to details is crucial. Always look for poorly written content as well as typos, and always check the sender’s URL address. If others paid attention to these details in the UK, it may have prevented a lot of heartache. It’s certainly no different in the US, where e-mail phishing and tax scams continue to have enormous success despite continued warnings by the IRS. Being vigilant against e-mail phishing is the best route to staying secure, no matter whom the e-mail claims to be from and what the subject line claims to offer.