Skip navigation.
You'll Feel Right At Home

IRS Notice of Underreported Income Phishing E-Mail

One of our employees who prepares taxes received the following e-mail at work.  The e-mail purports to be from the IRS and has a return address of "Internal Revenue Service" at  Much like anything that comes from the IRS, our employee took notice of this, but was vigilant enough to feel that the e-mail smelled fishy.  The e-mail was delivered to one employee, but the address referenced another employee, was delivered from the internet with the "high importance" flag set, and the IRS never sends a clear text link to individual specific tax information.

A sanitized version (where I removed the name that the e-mail ostensibly addressed and the link to the nasty site) of the text of the message is below:

Taxpayer ID: name.redacted-00000174073547US
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: name.redacted-00000174073547US 

Internal Revenue Service

From within Outlook, if you right-click on the suspect message and pull up "options,"  you will get the "Internet Headers" of the e-mail message - these will tell you where the e-mail really came from.

In the case of our e-mail, the pertinent information was the "Received: from" line:

Received: from ( [])

If this was a valid e-mail from the IRS, the address would have resolved back to the domain (just as the spoofed return address claimed to do).  In this case, the e-mail appears to be from a spambot computer located on the ISP.

Checking out the link in the e-mail, the link was to:  - most definitely a phishing site.   Although the front of the address looks like an site, the is the actual domain where the site is located. 

This e-mail is a good example of why you should be, at the minimum, suspicious of any e-mail that claims to need immediate action or tries to scare you into the action of going to a website. 

More information on this phishing e-mail can be found at

If you receive such a phishing e-mail, the IRS has instructions on how to report it.  Please note that this is a TinyURL redirector because the IRS uses URL's that interfere with the leaving this page warning.  The real URL of the IRS Phishing Report page is,,id=179820,00.html