Cyber-thieves are clever crooks. They know an e-mail that looks like it’s from the IRS will get your attention. So they send out fake e-mail that says you are about to be audited or are due a big refund. Who could ignore a message like that?
This is just another clever twist on the old “phishing” scam, designed by identity thieves to steal your personal information.
Right now, the most popular IRS phishing scam deals with a substantial tax refund. The wording and refund amounts vary depending on which crook sends the bogus message.
Albert Allpress of Bremerton, Wash., is one of the many people who received this e-mail and sent it to me. “It’s real tempting when you see $869 and all you have to do is fill out this form,” he says. Allpress was skeptical, even though the e-mail had the real IRS logo at the top of it.
The logo is real. The scammers just copy it off the IRS web site. But the message is bogus. The scammers hope you will click on the link in the e-mail that takes you to their web site. It looks identical to the real IRS site. The bogus site has a form that asks for all sorts of personal information: Social Security number, date of birth, mother’s maiden name, credit card information and the PIN for your ATM card.
Armed with this information, the scammers could charge things to your credit card and drain your bank account. They could use your Social Security number to access your medical records and financial accounts or assume your identity.
Why do people fall for this? “There’s this sense of desperation right now and that’s what these bad guys prey on,” says Howard Schmidt, former White House cyber-security advisor. “I’m just shocked when I hear people have fallen victim to this, but obviously it works or the bad guys wouldn’t do it.”
Spotting the scams
It’s very easy to determine if that e-mail really is from the Internal Revenue Service – and chances are it’s not. Here’s all you need to remember: The IRS never initiates contact with taxpayers via e-mail if it has to do with your account or private information.
“We’re not going to send you a notice out of the blue that asks for very sensitive information,” says IRS spokesman Eric Smith. “We don’t ask for your PIN and we don’t ask for passwords. That’s just not the way we do business.”
And remember, the IRS already has your Social Security number – you used it to file your return.
If you made a mistake on your tax return or if you have an unexpected refund coming, the IRS will notify you with a letter sent through the U.S. mail. “We don’t send out refunds by e-mail, we don’t audit people by e-mail and we don’t collect taxes by e-mail,” Smith says.
The bottom line
Anytime you get an e-mail that asks for your most private information – no matter how official it looks – don’t do anything until you have time to check it out.
If you fill out a form with your personal information and hit submit – it’s gone. You’ve just given the identity thieves everything they want and there’s no way to get it back.
If you get an unsolicited e-mail that claims to be from the IRS, realize it’s bogus. Don’t click on a link; don’t open an attachment. Delete it! Don’t respond. All that will do is confirm that you have a working e-mail address which will probably result in even more spam.
You can forward any bogus e-mail to the IRS which might help the feds shut down the rogue site more quickly.
© 2013 msnbc.com. Reprints