• United States



by Dave Gradijan

IRS Warns of Cybersquatters: Be Careful Where You Reveal Personal Data

Mar 16, 20073 mins
CSO and CISOData and Information Security

If you’re paying taxes to the U.S. Internal Revenue Service, there is only one URL you need to know:

That’s what the U.S. tax collecting department said this week in a note on its website, warning taxpayers of tax season scams and reminding them that websites like are not affiliated with the U.S. government.

“Taxpayers may be confused by the proliferation of Internet sites that contain some form of the Internal Revenue Service name or IRS acronym with a .com, .net, .org or other designation in the address,” the IRS said in its note. “Since many of these sites also bear a striking resemblance to the real IRS site, taxpayers may be misled into thinking that the site they have accessed is indeed the official IRS government site.”

The IRS’s warning comes just weeks after Rep. Edward Markey, a Massachusetts Democrat, wrote the IRS, the U.S. Federal Trade Commission and the Department of the Treasury complaining that the operators of the, and websites “may be trying to pass themselves off as official IRS websites.”

All of these sites contain notices on their front pages indicating that they are not affiliated with the IRS, but that was not enough for Markey. “I am not convinced that the fine-print disclaimers at the bottom of these sites stating that they are nongovernmental provide any meaningful protection to consumers,” he wrote.

Markey, who is chairman of the House Subcommittee on Telecommunications and the Internet, called on the government agencies to intervene and put an end to what he called a “threat to the public interest.” is the third result that comes up in a search for the term “IRS.” The site itself appears to generate revenue by referring readers to a variety of tax-related services from companies like American Express, Visa U.S.A. and 2nd Story Software, makers of TaxACT software.

The IRS note also warned of an ongoing phishing scam, where consumers are told that they have qualified for a federal tax refund. They are then referred to fake IRS sites that ask them for information like Social Security and credit card numbers.

Security experts say they have yet to see these phishing scams in 2007, but they are expected to begin popping up around the April 15 U.S. tax filing deadline. Last year about 75 such websites were seen, beginning on April 12, said Robin Laudanski, team lead with the Phishing Incident Reporting and Termination Squad, a volunteer-run antiphishing group.

The IRS could do more to address the cybersquatting problem, said Enrico Schaefer, an attorney with Traverse Legal who specializes in domain name disputes. “This IRS press release is of zero value,” he said. “When someone ends up at, .net and .com, they think it’s affiliated with the government and they never see this. They would be much better served by simply taking control of those domains.”

The IRS could do this under Internet Corporation for Assigned Names and Numbers’ uniform domain-name dispute-resolution policy, he said.

In 2001, the government of Canada used this procedure to claim a total of 31 Web domains including, and

Representatives of, and could not be reached immediately for comment.

Robert McMillan, IDG News Service