Individual Liberty — Individual Responsibility 

Notice of Underreported Income

I keep getting these in my e-mail. I’ve probably received about two dozen of them in the last month or so. The thing is, I know they’re fraudulent.

Notice of Underreported Income
Internal Revenue Service [support@irs.gov]
To: perri@nofemotorsports.com

---

Taxpayer ID: perri-00000655419002US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: perri-00000655419002US

Internal Revenue Service

So, how do I know they're fraudulent? Well, for one thing, in the United States an ordinary citizen’s taxpayer ID is usually their social security number. Mine is, so the taxpayer ID given here isn’t mine. Secondly, the Internal Revenue Service has stated on their web site that “The IRS does not initiate taxpayer communications through e-mail”. Every single time that I have ever had a dispute with the Internal Revenue Service, the notification came through the U.S. Postal Service. Not only that, but I’ve never associated that particular e-mail address of mine with my social security number or tax returns. Third, this notice doesn’t say anything about which year or years that I allegedly failed to report all of my income.

And then there are the message headers…

Return-Path: unvarnishedm91@steiger-stiftung.de
Received: from 65.182.109.78 (LHLO mta9.brinkster.com) (65.182.109.78) by
mail5c.brinkster.com with LMTP; Tue, 10 Nov 2009 13:27:16 -0700 (MST)
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mta9.brinkster.com (Postfix) with ESMTP id 3D6782480C7
    for <perri@nofemotorsports.com>; Tue, 10 Nov 2009 15:27:16 -0500 (EST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 2.397
X-Spam-Level: **
X-Spam-Status: No, score=2.397 tagged_above=-10 required=5 tests=[BAYES_60=1,
    HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396]
Received: from mta9.brinkster.com ([127.0.0.1])
    by localhost (mta9.brinkster.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 9co4d0cmImRA for <perri@nofemotorsports.com>;
    Tue, 10 Nov 2009 15:27:11 -0500 (EST)
Received: from r4h16.net.upc.cz (r4h16.net.upc.cz [84.42.135.16])
    by mta9.brinkster.com (Postfix) with ESMTP id 37789493A73
    for <perri@nofemotorsports.com>; Tue, 10 Nov 2009 15:27:11 -0500 (EST)
Received: from 84.42.135.16 by mail.steiger-stiftung.de; Tue, 10 Nov 2009 21:26:56 +0100
From: "Internal Revenue Service" <support@irs.gov>
To: <perri@nofemotorsports.com>
Subject: Notice of Underreported Income
Date: Tue, 10 Nov 2009 21:26:56 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0006_01CA6244.25E08610"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6QN182MHJYVYDTR53TC3BV9TON2==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Message-ID: <000d01ca6244$25e08610$6400a8c0@unvarnishedm91>

Why on earth would the United States Internal Revenue Service direct return e-mail to a German email address (unvarnishedm91@steiger-stiftung.de)?  Also, why would e-mail from them be routed through a top level domain registered to the Czech Republic (r4h16.net.upc.cz?

One final clue that this is a fraudulent notice… The hyperlink provided for me to “review tax statement for taxpayer id: perri-00000655419002US” does not direct me to a U.S. government web site like “irs.gov”, although it does start with “www.irs.gov”. No, this hyperlink points at a server in the United Kingdom…

http://www.irs.gov.mikkuj.org.uk/fraud_application/directory/statement.php?email=perri@nofemotorsports.com&tid=perri-00000655419002US

I think it's particularly interesting that the application path for this so-called tax statement begins with the subpath “fraud application”. That is after all, what the application is designed for – to defraud the person that clicks on the links.

I recently wrote a warning about e-mail attachments. Here’s another one for you. Don’t trust hyperlinks you find in e-mail. Don’t click on them. It’s easy enough to make it look like a hyperlink that goes to a malicious site goes to a site that you think you can trust. When you hover over a hyperlink in many e-mail clients, a tooltip appears giving you an indication of where that link will take you. Don’t trust it! It’s easy enough in HTML e-mail to use the “TITLE” attribute on a hyperlink to make the tooltip say what you want it to.

Do you think you’re protected by the CAN-SPAM act? Think again. U.S. Law doesn’t apply to actions taken by people in another country. People with criminal intent to defraud you in the first place are already breaking laws regarding that fraud – why would they be deterred by other laws? That’s why spam continues unabated despite such laws.

Your best defense against this sort of thing? Use your head and don’t trust e-mail like this. Don’t open any attachments in the email, and don’t click on any of the links. If you are really concerned about possible tax liability, you can always write to the Internal Revenue Service directly. They provide addresses at their official website http://www.irs.gov/. They also provide warnings about this sort of e-mail.

“The IRS does not send out unsolicited e-mails asking for personal information. An electronic mailbox has been established for you to report suspicious e-mails claiming to have been sent by the IRS.”

If you want to report a phishing attack of this nature to the Internal Revenue Service, you can do so by submitting the eemail to phishing@irs.gov. They have instructions for doing this that will help to make certain that all of the information available in the message is used to stop the perpetrators.