IRS Email Scam

I recently sent an email about this to my friends. Here’s the post:

If you receive the below email (Get 2008 Economic Stimulus Refund – $1800), delete it! This is a scam!!!! Please be perceptive enough to check into things before you blindly believe these technological lies. Apparently, a half-witted computer tech without morals is trying to capitalize on the stimulus refund from the government. He/she will be phishing for your bank account information & SSN, and will ultimately rob you of your identity.

Email is never the primary way governments, banking institutions and major businesses communicate with you. Remember, email is like a postcard, it’s not secure unless you use encryption (to answer everyone’s question, “Am I using email encryption?” I guarantee you that you would know if you’re using email encryption because you have to install it-or login to a secure webmail server, and it only works if the other person you’re communicating with uses the same type of encryption or has a private or public encryption key).

All it takes is a few tools and in five minutes I can intercept email as it travels across the internet. Again, email is simply a postcard. As it travels anyone with the right tools can intercept and read it. Never send banking information, passwords, or Personal Identifiable Information (PII) via unencrypted email.

Here are a few free email encryption solutions:

1. Hushmail (free secure webmail solution)

2. Google Gmail Encryption with FireFox: FireGPG (You have to login to https://gmail.com when using this encryption with Gmail.) Here’s the instruction on how to setup and use FireGPG encryption with Gmail: http://www.linux.com/articles/62369

3. Greasemonkey Encryption: Firefox Extension

If you have any questions, please visit my IT Security blog at: www.itsecurityadmin.wordpress.com or email me.

Here’s the email:

---

From: service@irs.gov [mailto:service@irs.gov]
Sent: Tuesday, May 13, 2008 3:58 AM
Subject: Get 2008 Economic Stimulus Refund ( $1800 )
Importance: High

Over 130 million Americans will receive refunds as
part of President Bush program to jumpstart the economy.

Our records indicate that you are qualified to receive the
2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by
direct deposit to your checking/savings account.

Please click on the link and fill out the form and submit
before May 13th, 2008 to ensure that your refund will be
processed as soon as possible.

Submitting your form on May 13th, 2008 or later means that
your refund will be delayed due to the volume of requests we
anticipate for the Economic Stimulus Refund.

To access Economic Stimulus Refund, please click here.

© Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.

Identity Theft Preventive and Reactive Steps

 

Preventive Steps:

• When creating passwords and PINs (personal identification numbers), do not use the last four digits of your Social Security number, mother’s maiden name, your birth date, middle name, pet’s name, consecutive numbers or anything else that could easily be discovered by thieves. It’s best to create passwords that combine letters and numbers.
• Here’s a tip to create a password that is strong and easy to remember. Think of a favorite line of poetry, like “Mary had a little lamb.” Use the first or last letters to create a password. Use numbers to make it stronger. For example, MHALL, or better yet MHA2L!. The longer the string, the harder it is to crack.
• Never respond to “phishing” email messages. These appear to be from your bank, eBay, or PayPal. They instruct you to visit their web site, which looks just like the real thing. There, you are told to confirm your account information, provide your SSN, date of birth and other personal information. Legitimate financial companies never email their customers with such requests. These messages are the work of fraudsters attempting to obtain personal information in order to commit identity theft. (See example below.)

 

Example:

From: BankofAmerica [mailto:BankofAmerica@online.com]
Sent: Thursday, September 06, 2007 1:53 PM
Subject: Security update

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by September 7, 2007, we will be forced to suspend your ccount indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Online Banking records click on the following link: https://online.bankofamerica.com/IdentityManagement/ Thank you for your patience in this matter. Bank of America Customer Service Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered. © 2007 Bank of America Corporation. All rights reserved.

 

***Note that this appears to be from a legitimate Bank of America email account; however, further investigation shows that the hyperlink advertised hides a different imbedded url address than the text that appears. It misleads victims to a scam website and records the private information that you provide.

· When shopping online, do business with companies that provide transaction security protection, and that have strong privacy and security policies. Always look for a secure url when making an online transaction (HTTPS://).

· Before disposing of your computer, remove data by using a strong “wipe” utility program. Do not rely on the “delete” function to remove files containing sensitive information.

• Be aware that file-sharing and file-swapping programs expose your computer to illegitimate access by hackers and fraudsters. If you use such programs, make sure you comply with the law and know what you are doing. Install and update strong firewall and virus protection.
• Run a credit report on yourself to see if there are any unknown credit inquiries or unauthorized accounts
• Reconcile your check and credit card statements in a timely fashion and challenge any purchases that you did not make
• Never give any important number out like from your drivers license, credit card, bank account, date of birth or social security number to anyone you don’t know over the telephone
• Shred your bank statements and any tax documents when you dispose of them
• Scrutinize your utility and subscription bills to make sure the charges are yours
• Memorize your passwords and personal identification (PIN) numbers. Keep your PIN numbers somewhere that only you know
• Don’t give out your PIN or write them on your credit cards or ATM cards
• Keep a list or photocopy all credit and identification cards you carry with you, including front and back, so that you can quickly call the issuers to inform them about missing or stolen cards
• Don’t give away too much personal information on your family web site. Full names, date of births, and address is too much information to post. By obtaining your “place-of-birth,” the identity thief can possibly get your duplicate birth certificate

If You Become a Victim

• Report the incident to the police immediately. If you know where your identification was stolen, that would be the correct police jurisdiction to report it to. Insist on being given a police report number a get a copy to encloses in correspondence with credit agencies
• Report all stolen cards to the issuers immediately and request that new card numbers. Always respond to written credit card receipt notifications received in the mail
• Notify your bank in the event that your checks are stolen and request that your account be closed

Credit Reporting Agencies:

	Phone	Online
Equifax	(888) 766-0008	www.equifax.com
Experian	(888) EXPERIAN (397-3742)	www.experian.com
TransUnion	(800) 680-7289	www.transunion.com

Federal Trade Commission Identity Theft Clearinghouse

• Phone: (877) IDTHEFT (877-438-4338)
• Web: www.consumer.gov/idtheft
• FTC’s free identity theft guide “Take Charge,” www.consumer.gov/idtheft

Federal Agencies and Technology Industry

• For tips on online safety, visit www.onguardonline.gov

California Office of Privacy Protection

• Phone: (866) 785-9663
• Web: www.privacy.ca.gov
• Guide to California identity theft and privacy laws, www.privacy.ca.gov/laws.htm. See also the state’s official web site on legislative bills and statutes, www.leginfo.ca.gov.

Identity Theft Resource Center

• Phone: (858) 693-7935
• Web: www.idtheftcenter.org

Privacy Rights Clearinghouse

• Phone: (619) 298-3396
• Web: www.privacyrights.org
• Test your identity theft risk factor, www.privacyrights.org/itrc-quiz1.htm

Compilation of Identity Theft Surveys

· Web: www.privacyrights.org/ar/idtheftsurveys.htm

Additional web sites:

• U.S. Dept. of Justice, identity theft info., www.usdoj.gov/criminal/fraud/idtheft.html
• FBI Internet Fraud Complaint Center. Report cases involving online fraud and phishing. www.ic3.gov
• Mari Frank’s Identity Theft Survival Kit. Phone: (800) 725-0807. Web: www.identitytheft.org