A criminal organization is sending e-mail messages trying to use the current round of stimulus payments to get U.S. taxpayers’ personal information.
The messages appear to come from the Internal Revenue Service and say, “Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund.” The message contains a link to a web page that has Internal Revenue Service branding. The criminals who are impersonating the Internal Revenue Service hope taxpayers will fill out the form with information on their bank accounts.
This is a typical phishing scheme, in which anonymous and fraudulent messages ask for personal information. Phishing has worked to a slight extent because a few of the people who are new to computers imagine that the rules of self-protection that apply when you are out on the street do not apply on the Internet. The unfamiliarity of the stimulus payments might lead a few more people to mistake these criminal messages for legitimate messages.
To protect yourself, treat unsolicited e-mail messages with the same skepticism that you would apply to unsolicited advice from a stranger on the street. Remember that the “From” header in an e-mail message is just an assertion by the person who sent the message. Getting an e-mail message “from” “irs.gov” is like having a stranger come up to you on the street and say, “Hi, I’m with the IRS! How about telling me your bank account numbers?” When you see it this way, it is harder to mistake this kind of fraudulent message for a legitimate one.
In reality, the stimulus payments are based solely on the information in 2007 income tax returns. If you filed a 2007 return, then you are probably getting a stimulus payment. There is no other way to sign up. You can just ignore anyone who tries to tell you how to apply for a stimulus payment.