Tax Season, Scam Season: How to Avoid the Fake Refund Cons

Before you go, we thought you'd like these...
tax scamsUncle Sam isn't the only one looking to collect from taxpayers this year: A rapidly growing number of Internet scammers are also using the guise of the IRS to siphon money out of consumers' pockets, security experts say.

"Approximately 155 million people are filing tax forms annually between now and April 15," says Robert Siciliano, an online security and safety evangelist for McAfee. And during the last five years, Siciliano says, tax-time identity thefts have dramatically surged.

Indeed, the number of complaints surrounding identity theft using a lure of tax refunds has soared 300% to 33,774 complaints in 2009, compared with 11,010 in 2005, according to a Scripps Howard News Service report.

Bogus Tax Refunds Are Popular Bait

A tax refund, albeit bogus, serves as juicy bait to potential victims in a phishing scheme, says Kevin Haley, director of Symantec's Norton Security, Technology and Response team.

Sponsored Links
"Everyone pays taxes, and there's something universal about wanting a refund," he says. "The Internet thieves know that people are more likely to fall for it if they think they'll get money."

The desire for a tax refund is apparently universal.

In India, a phishing scam circulated in 2010. Taxpayers received spam email messages, touting "Tax return" in the subject line. Users were then directed to click on a link that would take them to a fake version of the India Tax Department website, according to a Symantec blog.

W-2 Blues

Last year, identity thieves tried a new tax trick by emailing a bogus IRS notice to taxpayers, warning them that they did not submit an updated W-2 form. The email contained a link to a phishing website where taxpayers were instructed to enter their W-2 information, which includes such sensitive items as Social Security number, address, and wages.

Here's an example of the bogus W-2 email that made the rounds last year and was flagged by the Better Business Bureau:
From: update@irs.gov.us
Sent: 1/21/2011 4:37:41 P.M. Eastern Standard Time
Subj: Important: W-2 form update
We would like to inform you that as of the 21th of January you are late in updating your W-2 form submition with the new updated version. Please send us your completed W-2 update form by 02/01/2011. The updated version of the W-2 form please click on the link below:
(LINK REMOVED)

A New twist: Dialing for Dollars

With an ever-increasing number of people using smartphones, identity thieves are also targeting mobile devices. So Siciliano says he wouldn't be surprised if consumers begin to get bogus text messages purporting to come from the IRS.

"Most people feel the IRS knows everything about them, including their cellphone number," Siciliano says, adding that taxpayers are likely to click on a link in a text message because they may have a false sense of security that only a legitimate contact would have their cellphone number.

Advice for Playing it Safe

Here are some tips on avoiding tax scams, straight from the IRS:
  1. The IRS does not ask for personal identifying or financial information via unsolicited emails.
  2. Taxpayers do not have to complete a special form to obtain a refund.
  3. Do not open any attachments purporting to come from an IRS email. They could contain malicious code.
  4. Do not click on any website links in emails that claim to come from the IRS.
  5. Not sure if you are getting a tax refund? Contact the IRS at (800) 829-1040.

Security firms also offer up some advice about the typical types of social engineering bait used to lure the unwary: Offers to refund money to potential victims are popular among scammers, followed by offers of free tax advice or guarantees of untangling issues with back-taxes owed, Haley says.

Tax Season, Scam Season: How to Avoid the Fake Refund Cons



The (fake) tax man cometh: Identity thieves last year targeted consumers with bogus emails, claiming a W-2 form was not submitted and providing a link to a site for you to input your information. Problem was, the link directed taxpayers to a malicious site that could harvest that information, such as Social Security numbers and addresses, which could later be useful in hacking into their bank accounts.

Hackers tweak an older thievery technique: A phishing attack with a twist made the rounds in March, targeting users of eBay's (EBAY) PayPal, Bank of America (BAC), Lloyds, and TSB customers. The U.S. Computer Emergency Readiness Team (US-Cert) sounded the alarm that the malicious Web page is stored on a user's computer, rather than directing them to a Web page loaded with the malicious software. As a result, the hackers are able to bypass common anti-phishing security software. (For tips on reducing the odds of becoming a victim of an online financial scam in 2012, see also: The Top 10 Looming Computer Security Threats of 2012.)

False advertising: The FBI announced in November the arrest of six Estonian nationals, who were charged with running a major Internet fraud ring that infected millions of computers worldwide with a virus. That virus provided the window that the alleged thieves needed to commandeer consumers' computers and direct them to Web pages where advertisements were posted. Unbeknownst to the advertisers, they were paying the alleged thieves for website traffic that did not come willingly to the sites. The FBI claimed the Estonian nationals manipulated the multibillion-dollar Internet advertising industry to earn at least $14 million in illicit fees.

Getting past the gatekeeper: Email marketer Epsilon, which hosts databases of seven of the top 10 companies in the Fortune 500 and hundreds of others, suffered an attack by hackers in late March. The attack left customers of such major brands like Citigroup (C), Disney (DIS), and Marriott (MAR) vulnerable to potential phishing scams, which attempt to steal valuable personal information such as bank account or social security numbers.

Being used to unknowingly aid in medical fraud: More than 80 medical-equipment companies received a less-than-merry notice right before the holidays when Allstate Insurance Company filed a $6.3 million lawsuit to recover money it paid out for durable medical equipment, supplies, and orthotic devices. According to the complaint, retailers (and their owners, in conspiracy with wholesalers) submitted misleading and fraudulent bills using customers' personal-injury-protection benefits.

And in February, 20 individuals -- including three doctors -- were charged for allegedly bilking the government out of $200 million in Medicare costs for mental-health services. The elaborate scheme involved officials at community health centers paying kickbacks for patient referrals and billing Medicare for care that was not necessary, and in many instances, never provided. And Medicare wasn't the only victim. The patients who unknowingly were used to bilk the government were from halfway houses and assisted-living facilities.

of
SEE ALL
BACK TO SLIDE
SHOW CAPTION +
HIDE CAPTION


Motley Fool contributor Dawn Kawamoto does not own any stock in the companies listed.
Read Full Story

People are Reading

The Latest from our Partners
1 - 3 of 15