IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

Updated April 21, 2008 Some people have received phone calls about the economic stimulus payments, in which the caller impersonates an IRS employee. The caller asks the taxpayer for their Social Security and bank account numbers, claiming that the IRS needs the information to complete the processing of the taxayer’s payment. In reality, the IRS uses the information contained on the taxpayer’s tax return to process stimulus payments, rather than contacting taxpayers by phone or e-mail. An e-mail claiming to come from the IRS about the “2008 Economic Stimulus Refund” tells recipients to click on a link to fill out a form, apparently for direct deposit of the payment into their bank account. This appears to be an identity theft scheme to obtain recipients’ personal and financial information so the scammers can clean out their victims’ financial accounts. In reality, taxpayers do not have to fill out a separate form to get a stimulus payment or have it directly deposited; all they had to do was file a tax return and provide direct deposit information on the return. IR-2008-11, Jan. 30, 2008 WASHINGTON — The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond. The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up. The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft. Typically, identity thieves use a victim’s personal and financial data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns or even commit crimes. Most of these fraudulent activities can be committed electronically from a remote location, including overseas. Committing these activities in cyberspace allows scamsters to act quickly and cover their tracks before the victim becomes aware of the theft. People whose identities have been stolen can spend months or years — and their hard-earned money — cleaning up the mess thieves have made of their reputations and credit records. In the meantime, victims may lose job opportunities, may be refused loans, education, housing or cars, or even get arrested for crimes they didn’t commit. The most recent scams brought to IRS attention are described below. Rebate Phone Call At least one scheme using the word “rebate” as part of the lure has been identified. In that scam, consumers receive a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early. The caller then states that he needs the target’s bank account information for the direct deposit of the rebate. If the target refuses, he is told that he cannot receive the rebate. This phone call is a scam. No legislation has yet been enacted that would allow the IRS to provide advance payments to taxpayers or that determines the details of those payments. Moreover, the IRS does not force taxpayers to use direct deposit. Those who opt for direct deposit do so by completing the appropriate section of their tax return, with bank routing and account information, when they file; the IRS does not gather the information by telephone. Refund e-Mail The IRS has seen several variations of a refund-related bogus e-mail which falsely claims to come from the IRS, tells the recipient that he or she is eligible for a tax refund for a specific amount, and instructs the recipient to click on a link in the e-mail to access a refund claim form. The form asks the recipient to enter personal information that the scamsters can then use to access the e-mail recipient’s bank or credit card account. In a new wrinkle, the current version of the refund scam includes two paragraphs that appear to be directed toward tax-exempt organizations that distribute funds to other organizations or individuals. The e-mail contains the name and supposed signature of the Director of the IRS’s Exempt Organizations business division. This e-mail is a phony. The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers. Filing a tax return is the only way to apply for a tax refund; there is no separate application form. Taxpayers who wish to find out if they are due a refund from their last annual tax return filing may use the “Where’s My Refund?” interactive application on this Web site, IRS.gov. The only official IRS Web site is located here at www.irs.gov. Audit e-Mail Another new scam brought to IRS attention contains features not seen before by the IRS. Using a technique calculated to get almost anyone’s attention, the e-mail notifies the recipient that his or her tax return will be audited. This is the first scam of which the IRS is aware that uses this to get the victim to respond. Unusual for a scam e-mail, it may contain a salutation in the body addressed to the specific recipient by name. Most scam e-mails seen by the IRS are sent using the same technique used by spammers, in which hundreds of thousands of messages are sent to potential victims based on Internet address. Because of the volume, the typical scam e-mail is not personalized. This e-mail instructs the recipient to click on links to complete forms with personal and account information, which the scammers will use to commit identity theft. This e-mail is a phony. The IRS does not send unsolicited, tax-account related e-mails to taxpayers. Changes to Tax Law e-Mail This bogus e-mail is addressed to businesses, accountants and “Treasury” managers. It instructs them to download information on tax law changes by clicking on a series of links to publications on businesses, estate taxes, excise taxes, exempt organizations and IRAs and other retirement plans. The IRS believes that clicking on a link downloads malware onto the recipient’s computer. Malware is malicious code that can take over the victim’s computer hard drive, giving someone remote access to the computer, or it could look for passwords and other information and send them to the scamster. There are other types of malware, as well. The urls contained in the link are not legitimate IRS Web addresses. All IRS.gov Web page addresses begin with http://www.irs.gov/. Paper Check Phone Call In a current telephone scam, a caller claims to be an IRS employee who is calling because the IRS sent a check to the individual being called. The caller states that because the check has not been cashed, the IRS wants to verify the individual’s bank account number. The caller may have a foreign accent. In reality, the IRS leaves it entirely up to the individual to choose to cash or not cash a paper check. The IRS has no business need to know, and does not ask for, bank account or similar information, except when taxpayers indicate on their tax return that they are opting for the direct electronic deposit of their refund. In that case, however, it is the individual’s responsibility to provide the IRS with the correct bank routing and account numbers on the tax return; the IRS does not contact taxpayers to verify the information. What to Do Anyone wishing to access the IRS Web site should initiate contact by typing the IRS.gov address into their Internet address window, rather than clicking on a link in an e-mail or opening an attachment. Those who have received a questionable e-mail claiming to come from the IRS may forward it to a mailbox the IRS has established to receive such e-mails, phishing@irs.gov, using instructions contained in an article titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” Following the instructions will help the IRS track the suspicious e-mail to its origins and shut down the scam. Find the article by visiting IRS.gov and entering the words “suspicious e-mails” into the search box in the upper right corner of the front page. Those who have received a questionable telephone call that claims to come from the IRS may also use the phishing@irs.gov mailbox to notify the IRS of the scam. The IRS has issued previous warnings on scams that use the IRS to lure victims into believing the scam is legitimate. More information on identity theft, phishing and telephone scams using the IRS name, logo or spoofed (copied) Web site is available on this Web site. Enter the terms “phishing,” “identity theft” or “e-mail scams” into the search box in the upper right corner of the front page. Related Items: FS-2008-9, Identity Theft E-Mails Scams a Growing Problem IR-2007-109, IRS Warns Taxpayers of New E-mail Scams Suspicious e-Mails and Identity Theft Subscribe to IRS Newswire

IRS Email Scam

I recently sent an email about this to my friends. Here’s the post:

If you receive the below email (Get 2008 Economic Stimulus Refund – $1800), delete it! This is a scam!!!! Please be perceptive enough to check into things before you blindly believe these technological lies. Apparently, a half-witted computer tech without morals is trying to capitalize on the stimulus refund from the government. He/she will be phishing for your bank account information & SSN, and will ultimately rob you of your identity.

Email is never the primary way governments, banking institutions and major businesses communicate with you. Remember, email is like a postcard, it’s not secure unless you use encryption (to answer everyone’s question, “Am I using email encryption?” I guarantee you that you would know if you’re using email encryption because you have to install it-or login to a secure webmail server, and it only works if the other person you’re communicating with uses the same type of encryption or has a private or public encryption key).

All it takes is a few tools and in five minutes I can intercept email as it travels across the internet. Again, email is simply a postcard. As it travels anyone with the right tools can intercept and read it. Never send banking information, passwords, or Personal Identifiable Information (PII) via unencrypted email.

Here are a few free email encryption solutions:

1. Hushmail (free secure webmail solution)

2. Google Gmail Encryption with FireFox: FireGPG (You have to login to https://gmail.com when using this encryption with Gmail.) Here’s the instruction on how to setup and use FireGPG encryption with Gmail: http://www.linux.com/articles/62369

3. Greasemonkey Encryption: Firefox Extension

If you have any questions, please visit my IT Security blog at: www.itsecurityadmin.wordpress.com or email me.

Here’s the email:

---

From: service@irs.gov [mailto:service@irs.gov]
Sent: Tuesday, May 13, 2008 3:58 AM
Subject: Get 2008 Economic Stimulus Refund ( $1800 )
Importance: High

Over 130 million Americans will receive refunds as
part of President Bush program to jumpstart the economy.

Our records indicate that you are qualified to receive the
2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by
direct deposit to your checking/savings account.

Please click on the link and fill out the form and submit
before May 13th, 2008 to ensure that your refund will be
processed as soon as possible.

Submitting your form on May 13th, 2008 or later means that
your refund will be delayed due to the volume of requests we
anticipate for the Economic Stimulus Refund.

To access Economic Stimulus Refund, please click here.

© Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.

Spam Reached 96 Percent Of Email in Q4, 2007

Global spam levels measured by Commtouch swelled through the fourth quarter of 2007, hitting a high of 96 percent of all email in October 2007.

While we can’t speak for the rest of the Internet, we do see the inbox sift out roughly six good messages out of 300 at any given time at SecurityProNews.

That puts us in the neighborhood email security vendor Commtouch observed. Global spam levels measured by the company for the year hit an astonishing peak of 96 percent.

Astonishing unless one is sitting in the lead-lined writing room at our international HQ, watching the wonderful SpamBayes plug-in go to work on an inbox freshly opened in the morning. Commtouch said on their blog they “monitor unfiltered data streams of Internet email traffic, not including internal corporate traffic. This open traffic is analyzed to find the ratio of spam to legitimate email messages.”

The cruft collecting in inboxes, unless one has a product cleaning it on a continual basis, can contain any number of unwanted pests. Minor annoyances like plaintext stock-pumping emails pale in comparison to the malware-linked spam leading to infections and possible takeover by a remote server.

Those takeovers tend to connect a victimized PC to a broad network of other corrupted machines. These devices function as a botnet, which increasingly in these times provide outlets for the distribution of the Storm worm, a ferociously prolific pest that could be on millions of computers worldwide.

Link

ATM Fraud / Costco Shopping?

As you know, this is my bread and butter. I thought I would pass along some information that might concern you, especially if you have shopped at the Tracy Costco lately. It’s extremely important to keep a sharp eye out for fraudulent transactions on your bank and credit accounts. Many perpetrators pull a little money out at first to see if you notice. Then they start siphoning out money daily, until the account is closed. This Costco event affected a co-worker of mine, but he caught it early because every bank account transaction is setup to notify his email account. He caught it within one hour, and is only dealing with a $500 case. Others weren’t so fortunate, and are having a harder time.

ATM fraud cases spread, FBI to help

Bob Brownne / Tracy Press / Wednesday, 16 January 2008

On Wednesday alone, 24 more people reported that money was taken out of their bank accounts using their ATM cards, and the FBI has been contacted to help solve the puzzling electronic crime spree.

Dozens of people have been ripped off through an ATM scam in town, and Tracy Police could get FBI help with their investigation.

On Wednesday, Tracy police had fielded 24 calls from victims as of 4 p.m. Police heard from 14 victims on Tuesday and 12 on Monday, but before that, there were only a few each day. While many people, including 20 or so from the Grant Line Road Costco store, suspect their accounts were compromised at the Costco gas station, the scam could reach further.

“What’s so bizarre was I didn’t use my debit card since I was up with my aunt and uncle for New Year’s Eve,” said Janet Sayers of Tracy.

She said her bank called her Sunday to report a $500 withdrawal from an ATM in Pleasanton and then froze her account when she confirmed that it was a fraudulent transaction.

“I was home all day,” she said.

While she uses the Costco gas station, she said she hadn’t been back since just before the New Year’s holiday. She said she has also used her ATM at a store where a clerk passes the card through a reader behind the counter, but she won’t do that anymore.

Another woman said she used her ATM at the Costco pharmacy and lost $1,000 shortly afterward when someone made withdrawals from ATMs in Milpitas and Palo Alto.

Management at Costco would not comment on the matter.

Banks are familiar with ATM and credit card scams. Yannick Green of Mountain House said he learned how widespread this week’s problem is when he went to his bank to cancel his ATM cards.

“When I went into the bank to stop everything, they said they weren’t surprised,” Green said. “I wasn’t the first one in there to report theft.”

Like many of the folks who called the police Tuesday, Green had used an ATM card at Costco on Grant Line Road. He said the machine wouldn’t accept his card Friday, so he used a cash voucher to buy gas. Afterward, he thought something was amiss, and over the weekend, his wife spotted $500 worth of charges from ATMs in Sunnyvale and Mountain View on their account.

Tracy police still haven’t reported where or how thieves gained access to debit card data in town.

City spokesman Matt Robinson said Wednesday that the detective on the case is now working with the FBI. An FBI spokesman in Sacramento said he was unaware of an investigation. The FBI spokesman from the San Francisco office said agents would not comment on whether there is an active investigation.

Scott Gillingham, resident agent in charge for the U.S. Secret Service office in Sacramento, said he is unfamiliar with this case, but the agency regularly investigates electronic fraud of this sort.

Gillingham said thieves often attach electronic devices to the front of an ATM. A person using an unfamiliar ATM might not recognize the device, which will read a card’s magnetic strip and record or transmit the information. That allows a thief to make a counterfeit card. Thieves will use a hidden camera on or near the ATM to record a user’s entry on the PIN keypad.

“It’s not very common in this area, and people are able to tell that the machine has been modified,” he said, though the devices also have become more sophisticated.

The California Bankers Association issued an alert about that type of scam in July 2005. The association warned people to be aware of any changes to the ATMs they regularly use and also to shield the keypad when they enter their pass codes.

• We want to hear what you have to say. To reach reporter Bob Brownne, call 830-4227 or e-mail

brownne@tracypress.com. This email address is being protected from spam bots, you need Javascript enabled to view it <!– document.write( ” ); //–>

Phishing Scams – How To Verify A Site Certificate

Some malicious individuals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such your credit card number.

Fortunately, there are several steps you can take to help protect yourself from these and other types of attacks.

What is a spoofing attack?

Spoofing attacks are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate.

Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.

How to verify a site certificate

Always verify the security certificate issued to a site before submitting any personal information. Before you submit any personal information, ensure that you are indeed on the website you intend to be on.

In Internet Explorer, you can do this by checking the yellow lock icon on the status bar.

This symbol signifies that the website uses encryption to help protect any sensitive personal information—credit card number, Social Security number, payment details—that you enter.

Secure site lock icon. If the lock is closed, then the site uses encryption. Double-click the lock icon to display the security certificate for the site. This certificate is proof of the identity for the site.

When you check the certificate, the name following Issued to should match the site you think you are on. If the name differs, you may be on a spoofed site.

If you are not sure whether a certificate is legitimate, do not enter any personal information. Play it safe and leave the Web site.

Legitimate certificate. When new subscribers sign up for MSN services, they can match the Issued to domain name (msn.com) to the Web site domain name (also msn.com).

Also, be cautious about clicking links in e-mail messages or in online ads from retailers you don’t recognize or trust. If you have any doubt about a link, do not click it.

Instead, type the Web site address into the address bar of your Web browser, or try to confirm that the link is legitimate. Remember, if an offer sounds too good to be true, it probably is.

Get the Phishing Filter

Phishing Filter is designed to warn or block you from potentially harmful Web sites. It’s available in Windows Internet Explorer 7 for Windows XP Service Pack 2 (SP2), and Windows Vista. It is also available in the new Windows Live Toolbar for users of Internet Explorer 6 and above.