This particular phishing scheme is well done from an HTML standpoint.  In almost all cases, the IRS, banks, and financial institutions notify folks by regular postal mail or a phone call.

Email is usually an unsecure channel for communicating sensitive information like this. Even if someone were working with the IRS or bank directly by email, they should contact the nearest office to validate any unexpected e-commerce transaction. Double checking can save dozens of hours of aggrevation in restoring lost funds or a person's identity after these types of attacks.

IRS Phishing Scam - $109.32 Refund offered
http://www.avertlabs.com/research/blog/index.php/2007/09/24/10930-in-2-minutes-irs-refunds-attack/

QUOTE: Phishers today are targeting the IRS with a large phish attack. So far it is spread over 25 domains. The phish offers victims $109.30 refund directly to their credit card for filling in an online form. How convenient.