Published April 14, 2011
As the tax-filing deadline approaches, people wanting your money are coming at you from all sides. No, they're not with the Internal Revenue Service. They're con artists.
Tax season is prime hunting season for these financial predators. Folks are worried enough about correctly filing their returns, so they take any indication that they've done something wrong very seriously.
Scammers know this, and use that trepidation to hook and reel in taxpayers through phishing schemes. Phishing is a scam where criminals send fake emails to trick unsuspecting victims into revealing personal and financial information. Although this identity theft technique goes on year-round, it's a tax-time perennial.
"Hackers leverage people's fear or top-of-mind thinking about tax season, asking them to visit a malicious website and trying to capture user names or other information or to download malware onto personal computers," says Brendan Ziolo, vice president of marketing at Kindsight, a provider of identity theft protection.
Phishing season coincides with tax time
A recurring tax phishing scam is an email alerting you of a problem with your filing or tax refund.
Don't fall for it.
When the IRS does have a question about your return, it doesn't communicate via email. The federal tax agency still uses paper correspondence sent via the U.S. Postal Service.
Also, remember that the IRS never asks taxpayers for sensitive financial and personal information. Neither does it request financial account security information, such as PINs, from filers. Any emailer asking for those details is not from the IRS.
Tax help offer that can hurt
Some phishers opt for more positive tax lures, promising surefire tax-saving opportunities or creative tax deduction or tax credit techniques. One such unsolicited tax email making the rounds this year is an offer of free tax preparation services. To get the "help," all you have to do is click the enclosed link. Don't do it.
Such links are gateways for a virus that can infect your computer or programs that will grant criminals access to your personal financial life. "They give them complete control over your computer," says Ziolo. "They log on and steal files, statements, photos, the list is long.
"With more and more people using tax software, people are saving tax returns and other documents on their computers. These contain personally identifiable information that hackers can use to steal your identity or sell the information to others."
The wrath of Zeus
Kevin McNamee, security architect at Kindsight, says that many fake tax links also now utilize the banking Trojan virus called Zeus. True to its name as the supreme Greek mythological god, this spyware meddles with victims' financial lives.
A click on a fake IRS email link starts installing Zeus. "It hooks into your browser and when you go to your bank for online banking, it provides the hacker with that (banking) information," says McNamee.
From there, the hacker can modify your online banking screens so that they appear to be your bank's, but your transactions are transferred to facilities in other countries.
"The spyware has nothing to do with tax filing itself," says McNamee. "It uses the hook since it's this time of year."
So don't click on links in emails. In fact, you also should think twice about clicking on links when you do a tax-related Web search. ID thieves, says Ziolo, are now poisoning search results.
They use search engine techniques to push their fake sites higher up the list. Some scammers even buy ads to promote their schemes as a legitimate business. In tax season, these could be free tax software offers or ask-a-tax-expert services. Don't take the top search result at face value.
While such search engine optimization, or SEO, gaming efforts are not yet that common in tax season, they are popular with criminals using holiday hooks, such as Christmas or Black Friday shopping deals. And the mid-April tax deadline could soon be the next scam holiday date.
"Search engines do their best, but there's always a chance a bad link can slip by," says Ziolo. "Search safely, go to a browser and enter the software name rather than clicking on a link."
The same is true for sights masquerading as the IRS' official website. Although the IRS has tried to crack down on fake websites that mimic the official federal agency's online presence, criminals create new sites as soon as older ones are shut down.
When you want any information from the IRS, type in IRS.gov yourself. And be sure to go to that site and then use the link there to access the agency's Free File option.
Report scam attempts
In addition to ignoring any fake IRS websites or emails, report them to Uncle Sam.
Although the IRS doesn't send out email, it's happy to accept electronic messages from taxpayers about scams. Forward the suspicious email to the IRS at email@example.com. Then delete the potentially criminal email.
If you ever have any doubt as to whether any IRS contact is authentic, or to report any type of tax fraud any time of the year, call (800) 829-1040.