Welcome | Sign In
ECommerceTimes.com
Internet Fraud

Scammers Swarm: Tax Time Is Open Season for Phishers

Print Version
E-Mail Article
Reprints
Scammers Swarm: Tax Time Is Open Season for Phishers

By Richard Adhikari
E-Commerce Times
04/08/09 12:26 PM PT

April 15 is just a week away, and it's a busy time for taxpayers and scammers alike. With everyone busy fussing about e-filing, stimulus checks, federal and state returns, and the often complex business of putting together a proper 1040, those looking to steal taxpayers' personal information for their own gain have a fertile field to plow. Don't get caught up in a scam.


How Much is 'Free' Costing You?
Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.

It's tax time again, and the online scammers are crawling out of the woodwork. Their goals are to intercept personal information about taxpayers nationwide, and in some ways, they may be benefiting from the IRS' push for people to electronically file their returns.

Some scammers are "phishing" taxpayers by sending emails that claim to be from the IRS. They might ask for recipients' names, Social Security numbers and addresses in order to claim refunds, or they may ask the recipient to confirm that information.

Many set up fake Web sites offering free tax preparation software or tax prep services.

Others send out emails offering bogus stimulus package payments or tax refunds.

E-Filing: A Mixed Blessing

"Your fast, easy alternative to filing paper returns!" reads the blurb on the IRS page about e-filing for individuals, which boasts that 90 million people used e-file in 2008. The page outlines the benefits to filing one's taxes online, such as faster refunds, greater accuracy, and secure and confidential submission.

Taxpayers have turned to the Web in droves to deal Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse with tax issues. More than 138 million people visited the IRS site in the first three months of this year, compared to 111 million during the same period in 2008, according to the agency.

That's all well and good, but the move to online filing also opens the door to scammers.

Taxpayers should beware of Web sites that may resemble IRS.gov -- the official IRS Web site -- but end in .com, .net, .org, .biz or any other domain name extension, the IRS warns.

It's easy to spot the fake Web sites, though, because they often ask for visitors' personal and financial information, IRS spokesperson Michelle Lamishaw told the E-Commerce Times. "We do have the information we need normally, and the type of information scammers request is not the information we need, such as passwords of consumers' accounts."

Phishing Lines

Phishing is a type of fraud that occurs when people misrepresent themselves in an effort to get others to tell them sensitive information -- such as usernames, passwords and credit card details. Phishing can be undertaken through email or Web sites designed to get visitors to provide sensitive info in hope of a reward or prize.

The Obama administration's stimulus package has stoked the imaginations of countless phishers.

"There have been many stimulus-related scams out there since the package was announced," David Harley, director of malware intelligence at antivirus vendor Eset, told the E-Commerce Times.

Often, taxpayers get emails claiming they still have more money from their stimulus checks sitting in the Treasury, and all they have to do is fill out a form with their personal information and fax or email it back, Scott Stevenson, founder and CEO of EliminateIDTheft, told the E-Commerce Times.

"That's a scam," he said. "The IRS won't ask you for that information."

Emails purporting to be from the IRS are usually flat-out fakes.

"We do not send out emails to the typical taxpayer," the IRS's Lamishaw said, "and we would never send out emails telling taxpayers they're due for a refund or asking them to send us their personal and financial information."

Polishing the Scams

As consumers become more savvy about phishing scams, online fraudsters are doing everything they can to add credibility to their cover stories. For example, many phishing emails include personal information such as the last four digits of the recipients' Social Security numbers, EliminateIdentityTheft's Stevenson said. It may encourage the recipient to let his or her guard down, believing he or she has done business with the sender before.

However, that information is readily available from data brokers.

The growth of social networking sites, whose members readily put information about themselves on the Web, and the frequency of corporate and government data breaches have made such personal information commonplace and cheap. "The price used to be (US)$10 to $20 a name, and now it's $5 to $10 because this information is more readily available now," Stevenson said.

Some scammers are not just content with sending emails claiming to be from the IRS; they add in details to make their emails look more official in order to add credibility. "They use the logo of the IRS or Treasury Department, and sometimes they use the name of a real IRS executive or make up a name," the IRS's Lamishaw said.

For example, one phishing attack from the email address "stumulusref@i-r-s.com" includes an IRS logo, according to a blog post on Eset's Web site by Randy Abrams, the vendor's director of technical education.

No Such Thing as a Free Lunch

Another common scam is to offer free tax preparation software packages online. These contain malware that can infect victims' PCs.

A quick search online for free tax prep wares turned up a plethora of results. Sure, sites for TurboTax and the actual IRS were among the results, but there were also lots of lesser-known sites offering free online tax preparation. Some may be legit companies, others not so much.

"Don't just download the next free tax preparation software package you see," Ryan Barnett, director of application security research at Breach Security, told the E-Commerce Times.

Taxpayers should especially beware of sponsored links on Google (Nasdaq: GOOG) searches, as scammers often invest a few hundred dollars to buy prominent placement and lure in victims.

Taking Action Against Scammers

Those who have received phishing emails or have visited a fraudulent Web site can send the email or the Web site's URL to the IRS at phishing@irs.gov. If they can provide the email's Internet header, the IRS can trace it back to the hosting server and ask the host to remove that address, the IRS's Lamishaw said.

The IRS also has a page on its Web site explaining how to identify and report online scams. Lamishaw said the IRS will soon post alerts about scams.

Taxpayers looking for a tax filing service should get one approved by the IRS, EliminateIDTheft's Stevenson said. That information is available on the IRS site.

One other thing taxpayers should do is make sure their computers are not infected with spyware.

"Run a full antivirus and spyware scan," Breach Security's Barnett advised.

Print Version E-Mail Article Reprints More by Richard Adhikari

Talkback: Be the first to comment on this story.

Related News Alerts

Google Activate Alert | Search Archives

More by Richard Adhikari

New Pogoplug Brings Mobile Devices Into the Cloud
November 20, 2009
The Pogoplug allows a user to run a personal cloud server from a home network. The data resides on hard drives and thumb drives that plug directly into the Pogoplug device; from there, the data can be accessed from anywhere via the Internet. Keep in mind that some ISPs forbid customers from hooking servers up to residential connections, though those rules are rarely enforced. 		Google Spills Chrome OS' Guts
November 19, 2009
Google has made public the source code for its upcoming Chrome operating system. The OS will begin appearing on consumer-targeted netbooks next year. Chrome is built to live completely on the Web -- very little data is stored directly on the user's hard drive. This could make for much faster boot times and enhance security. 		Cyberfraud Arrests Unlikely to Stem ZeuS Rampage
November 18, 2009
Two alleged cybercrooks have been nabbed in the UK on suspicion of using a well-know Trojan to commit banking fraud. The malware in question in known as "ZeuS" or "Zbot," and althought it's quite common, it's also sometimes difficult for antivirus applications to nail. Simple software kits exist online for relatively inexperienced hackers to create unique malware for the purpose of fraud.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Online Retail Transaction Performance Indices
> Inside E-Commerce Times
E-Commerce Times
TechNewsWorld
CRM Buyer
LinuxInsider
MacNewsWorld
Today's E-Commerce Times Sponsors
Complimentary Webinar
How Much is 'Free' Costing You? DaveRamsey.com’s 567% ROI with Enterprise Analytics
Vertical Response Email Marketing!
Sign up for your Free Trial today and send 100 emails on us!
Entrust Extended Validation SSL
Entrust EV SSL certificates -- "go green" for less. Now from only $199 per year.
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.