While most people would relish getting money back from the IRS, recent emails notifying users of IRS refunds are part of a phishing ruse which uses texts that mimics a campaign from 2006, according to blog post by researchers at PhishMe.
If a user clicks on a link in the email, they're asked to fill out a form that includes a request for credit/debit card information. Once they submit the form they receive an error message that the page didn't work. PhishMe notes that the attack is classic phishing, but it is most certainly a clumsy attempt complete with misspelled words and a data field that lets the victim specify the amount of the refund.
The text and format mirror a previous campaign found archived on an IRS phishing webpage. The email originated in Tel Aviv, the blog post said.
