Entry bubble Tax Time Email Scams

By: Nancy | April 03, 2008 | Category: Money

There wasn't a whole lot of April Fooling going on at Gov Gab headquarters this week, I'm sorry to report—except for the person who went nuts with a roll of double-face tape at lunchtime and stuck the office refrigerator door shut. I don't know who would do such a thing. But I regress. I mean, digress...

I wanted to tell you about another kind of fooling involving your email and tax season.

This year, more than 80 million tax returns will be filed electronically. And with America's growing comfort with online transactions—from shopping and auctions to banking and investing—scammers know you'll pay attention when you get an email that seems to be from a company or government agency you do business with, saying that there's a problem with your account. Scammers have gotten so good at spoofing—masquerading online as legitimate government agencies and businesses—to "phish" your personal and financial information out of you that even really web-savvy people are being fooled.

email iconAs we’re approaching tax time, scammers in the guise of the IRS are sending email messages reporting that you have an unexpected tax refund. And, they say, if you click the link in their email and enter information about yourself and your bank account, they'll send your refund. Don't believe it. Follow those instructions and you're likely to have your bank account drained instead.

How do you know what's real? Take a minute right now to read the IRS' alert about phishing emails and other tax scams. They also explain how to report fraudulent IRS email messages so they can investigate and catch the scammers.

If your email in-box is anything like mine, besides the confidential messages from Nigerian bankers and spam offering cheap prices on medications, you'll see other phishing schemes. I've gotten fake email allegedly from eBay, PayPal and more than a dozen banks and mortgage companies--most of which I don't even do business with. And they all request personal and financial information from me because my "account has been breached" or they want to update my records. Baloney. The government agencies and companies you do business with will not email you out of the blue about your account. When you get email messages like these, avoid opening them. But if you accidentally do, don't click any links in the email—they'll take you to a spoofed site instead of the real thing.

To find out if an email message is really from a company or agency, type the company or agency’s name or url into a search engine to make sure you get onto the legitimate site. Then on the home page, look for "contact us" or "security" or "report fake email/phishing" for instructions on determining whether an email is the real deal, and on reporting or forwarding the fake email for investigation.

As I've been writing this, I got another fake IRS email. It looks a lot like this. I forwarded it right on to the IRS for investigation. It makes me really mad when someone tries to take advantage of me—and of you. Please be careful online, and I'll do the same.

| Comments [3] | envelope Email This Entry | Tags: nancy  phishing  spoofing  tax 

 

Entry bubble I got phished!

By: Sommer | October 19, 2007 | Category: General

It finally happened to me, I got "phished" or "vished" -- whichever you prefer. I never thought it would happen to me since I've been giving the public information about protecting themselves from phishing and ID theft for years. It sure is different to be the one faced with fending off the crook, though.

So, here's my story: 

A couple weeks ago I was driving home from our office picnic when my personal cell phone rang. I usually don't answer if it's an unknown number, but for some reason I fishing polepicked up anyway. A woman with a syrupy southern accent started the conversation by saying she was from the State Department, she then told me I was using a cell phone number the government was paying for and nicely asked me to provide all the information about myself I possibly could that might help her "resolve this issue."

My first instinct was to help the woman out.  My heart had started beating like crazy as I wondered what I had fouled up this time.  I just wanted this situation resolved ASAP.  I mean, who wants the State Department on their case?  Then, my red flags started going up.  Why would the State Department call me directly instead of calling the cell phone company to ask about the bill? And, if  the State Department really wanted information about me, couldn't they get it another way, like send me a certified letter on government stationary? Besides, I pay the bill for that phone number every month, how could they be paying it, too? Whew, I finally had my wits about me and I hadn't given up any of my personally identifiable information (she already had my name and cell number).

With that brief moment of panic behind me, I kindly and firmly replied that unless she could prove what she was saying I had every reason to believe she was just trying to steal my identity, and, NO, I would not be sharing any personal information to help her out.  Then the threats started -- "I'm going to have the State Department's head of security call you" "and my director, too."  My favorites were "you're stealing from the government and committing a crime" and "we're going to have your cell phone turned off." I told her to feel free to have them contact me since I wouldn't be sharing any information with the head of security or her director either unless they could prove what was going on.  Exasperated, I excused myself from the conversation and hung up.

What did I learn from all this?

  1. It's harder to resist the phisher than I thought, and it's also scary to consider "what if they're telling the truth"?  I still wonder about this one, but, I haven't gotten a call from the State Department's head of security and no one has shown up at my door yet.  I'm comfortable this one was a hoax.
  2. Phishers don't just email, they can also call.  It's harder to fend off a caller than just deleting an email.  When in doubt just hang up.
  3. Be tough and if what the caller says sounds fishy or just doesn't make sense, it probably isn't legitimate. DO NOT answer any questions -- even if the caller threatens you!!
  4. Don't be afraid to ask for proof of the caller's identity.  If the caller's claim is legitimate they won't hesitate to prove themselves to you.
  5. Report email phishing to the US-CERTReport phone phishing to the National Fraud Information Center.
Thank goodness I didn't fall for it! 

| Comments [3] | envelope Email This Entry | Tags: email  fraud  idtheft  phishing  phone  sommer  telemarketing  vishing