WASHINGTON – People should be on the lookout for a new e-mail scam soliciting donations to California wildfire victims in the name of the Internal Revenue Service and the U.S. government, the IRS said Friday.
The tax agency said the bogus e-mails appear to be a "phishing scheme" that tries to trick recipients into revealing personal and financial information that can be used to steal a person's assets.
The IRS said it does not send e-mails soliciting charitable donations and never asks people for the PIN numbers, passwords or other secret information for credit card, bank or other financial accounts.
People "should avoid opening any attachments or clicking on any links until they can verify the e-mail's legitimacy," IRS Deputy Commissioner for Operations Support Richard Spires said in a statement.
The agency said the scam e-mail urges recipients to click on a link, which opens on a fake IRS Web site. That site includes a link to a donation form that requests the recipient's personal and financial information.
The IRS said it also believes that clicking on the link downloads malware, or malicious software, onto the recipient's computer. That software will steal passwords and other account information it finds on the victim's computer system.
It urged those who received the scam e-mail to help the IRS shut down the operation by forwarding it to firstname.lastname@example.org, using instructions found in "how to protect yourself from suspicious e-mails or phishing schemes" on the genuine IRS Web site, http://www.irs.gov.
Since the mailbox was established last year, the IRS has received more than 30,000 e-mails from taxpayers reporting almost 600 separate phishing incidents.