Security Threat Alert | iPhone iOS 7
Overall Threat Level: HIGH
Required Attention Timeline: IMMEDIATE
Apple has released an update for iOS 6 and 7 to address a substantial security vulnerability: unpatched
devices are susceptible to attacks that can intercept, read and modify encrypted mail, web browsing,
app traffic and other sensitive data. You can learn more from the Apple website or KrebsOnSecurity.
The general consensus is that, to exploit this flaw, an attacker must have privileged control over the
WiFi or cellular networks used by vulnerable devices. This mitigating factor lowers the overall risk
somewhat. However, because of the potential severity and the relative ease of the fix, it is advisable to
give this matter immediate attention.
At this time, it is believed that this bug was introduced in iOS 6.0, so devices running iOS 5.x and earlier
are not impacted. To test your device, visit https://gotofail.com from any Apple product that could be
affected. The website will display a pass or fail message, depending on whether the device accessing it is susceptible.
To update your Apple device, visit Settings > General > Software Update
We have been made aware of a security breach involving a major US retailer's card processing system. We encourage consumers to closely monitor their account(s) for fraudulent activity. If you discover unauthorized charges, please contact the bank immediately.
In the meantime, Premier Bank is taking precautionary measures to mitigate losses by ordering replacement cards for all cards identified on the compromised card lists. Your new card should arrive in 10-14 days at which time the suspect card will be closed.
If you have additional questions, please contact your branch location.
Beware of a new banking scam that's on the rise:
Be suspicious if you receive an automated call with a recording claiming to represent a local bank, indicating your debit card has been frozen and personal information is needed before the card can be used again. This appears to be a variation on the scam known as "phishing," in which swindlers send e-mail claiming to be from a reputable company, hoping consumers will respond with personal financial information. In the latest twist on this scam, fraudsters have been perpetrating these automated calls late in the night, perhaps believing that a tired consumer is less vigilant.
The American Bankers Association Education Foundation recommends never giving out your personal financial information in response to an unsolicited phone call, fax, or email, no matter how official it may seem. Your best response is simply no response. If you should receive one of these calls or any variation of this scam from an individual or entity claiming to represent Premier Bank, or if you have already become a victim, please contact us.
Oct. 31, 2013
IRS Warns of Pervasive Telephone Scam
WASHINGTON — The Internal Revenue Service today warned consumers about a sophisticated phone scam targeting taxpayers, including recent immigrants, throughout the country.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
“This scam has hit taxpayers in nearly every state in the country. We want to educate taxpayers so they can help protect themselves. Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer,” says IRS Acting Commissioner Danny Werfel. “If someone unexpectedly calls claiming to be from the IRS and threatens police arrest, deportation or license revocation if you don’t pay immediately, that is a sign that it really isn’t the IRS calling.” Werfel noted that the first IRS contact with taxpayers on a tax issue is likely to occur via mail.
Other characteristics of this scam include:
- Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
- Scammers may be able to recite the last four digits of a victim’s Social Security Number.
- Scammers spoof the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
- Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
- Victims hear background noise of other calls being conducted to mimic a call site.
- After threatening victims with jail time or driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.
If you get a phone call from someone claiming to be from the IRS, here’s what you should do:
- If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.
- If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
- If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.
Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the e-mail to email@example.com.
More information on how to report phishing scams involving the IRS is available on the genuine IRS website, IRS.gov.
10 Ways Criminals Get Debit Card Data
Criminals are more organized and sophisticated than ever before. Attacks on ATM machines range from simplistic to highly organized efforts involving multiple ATMs across the country, hundreds of fraudulent cards and criminal gangs spanning the globe. So, how do criminals get your customers' debit card data? Here are 10 different ways:
Attack sophistication: Low / Scale of attack: Small
The simplest way for a criminal to get card data is to steal someone's card. To get the PIN, the thief might shoulder surf or guess a weak password, such as a birthdate.
Attack sophistication: Low / Scale of attack: Moderate
A criminal might decide to steal either an ATM or POS terminal. Cash can be pulled from the ATMs, but both types of machines could store card numbers if misconfigured. A stolen machine is also valuable in order to learn about weaknesses or ways to physically attack it.
Offline account takeover
Attack sophistication: Moderate / Scale of attack: Small
Breaking into mailboxes and stealing bank statements or other personal information can let a criminal conduct identity theft. Often they'll try to change the victim's mailing address with the bank, order a new card, and activate it. If the bank has good processes in place that are adhered to, then this type of attack can be stopped.
Separate skimming device
Attack sophistication: Low / Scale of attack: Moderate
If a deft criminal can get a hold of a card for a few seconds, then they can swipe it through a reader and get its data.
Overlaid skimming devices
Attack sophistication: Low / Scale of attack: Moderate
In this case, the criminal places a card reader over the machine's intrinsic reader. They might also attach a video camera or a pin-pad overlay to capture the PIN.
Internal skimming devices
Attack sophistication: Moderate / Scale of attack: Large
More capable criminals could place a skimming device inside a terminal, such as at a gas pump. The skimmer intercepts messages on the data lines, and is tough to detect without opening up machines.
Attack sophistication: High / Scale of attack: Moderate
A terminal can be hijacked by replacing the operating system with a compromised one. An avenue of attack might be available for those ATMs with remote control capabilities that are left in the default (and insecure) settings. Stolen machines might also be modified and then used to replace an existing, non-compromised terminal.
Ghost ATMs and fake fronts
Attack sophistication: Moderate / Scale of attack: Moderate
Why add a skimming device to a real terminal when you can just use your own fake one? Criminals have been known to place fake, modified terminals in public spaces where victims will use their cards but receive communication error messages. In reality the terminal has captured card data and PIN, and stored it for later retrieval.
Buying the data
Attack sophistication: Low / Scale of attack: Moderate to Huge
With so many means of attack, there is a glut of card information on the market. Lazy criminals can simply buy card data, starting at $1 or less. Quality costs extra, but in the underground marketplace there are products for everyone.
Attack sophistication: High / Scale of attack: Huge
Capable hackers are able to crack the security on merchants and other card data holders, and access large volumes of card data. With the heightened awareness of cybercrime, the industry has made strides in using more secure techniques for storing data (or in many cases, ensuring that they don't store it). This has made it harder for criminals, but there are still many opportunities for attacks.
Unfortunately, as debit card use continues to grow, criminals will find new ways to steal the data.
Article taken from: http://verafin.com/page/1049/10-ways-criminals-get-debit-card-data?mkt_tok=3RkMMJWWfF9wsRojvqzIZKXonjHpfsX56%2BsuX6Cg38431UFwdcjKPmjr1YAHT8N0aPyQAgobGp5I5FEAT7fYU69qt6cNWA%3D%3D
Fraudulent Emails Claiming to be from NACHA (Phishing Alert Update 3/29/2011)
Further to notices issued on March 11 and February 22, 2011, NACHA The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software application security patches are installed and current.
Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).
January 12, 2011
Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments..." the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient's computer.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org
Sandra L. Thompson
Division of Supervision and Consumer Protection
Financial Institutions have begun hearing complaints that customers are seeing "Pop-up" windows while they are visiting the web page. These "Pop-up" windows are targeting Financial Institution web sites to get customer personal information. Please do not give out any information regarding your account (account numbers, PIN numbers, card numbers, or expiration dates) or any other personal information. We will never contact you or allow solicitations from us through a "Pop-up" window, through phone calls, e-mail, or through text messages.
These "Pop-up" windows are caused by a compromise of the customer's PC and not the Premier Bank systems.
If you have received a "Pop-up" window while visiting our web site, please report this incident to us at 651-777-7700 or e-mail us at: email@example.com
Fraudulent Phone Call Alert from Premier Bank (5/27/2010)
It has been brought to Premier Bank's attention that customers are receiving phone calls from a third party stating that there is a problem with their debit card. Premier Bank does not and will not call customers for this reason. If you receive a call, please DO NOT give out any information and hang up. If you have any questions, please contact any Premier Bank location.
Email Alert from Premier Bank (4/27/2010)
Random individuals and/or companies may have received an e-mail from one of the following senders:
An exact replica, including spelling mistakes, is posted below. Fraudulent emails often contain spelling mistakes.
----------- Counterfeit e-mail below --------------
Subject: premierbanks.com account notification
This e-mail was send by premierbanks.com to notify you that we have temporanly prevented access to your
account. We have reasons to beleive that your account may have been accessed by someone else. Please
run this file and Follow instructions:
----------- End of Counterfeit e-mail --------------
The message posted above was not sent by Premier Banks and should be deleted upon receipt. Premier Banks will never send unsolicited email alerts.
A recurring concern we hear about at the BBB involves customers signing up online for 'risk free' trials of various health products, including Acai Berry weight loss and teeth-whitening products. In fact, offers like these made the BBB's Top Ten list of scams and rip-offs that took advantage of consumers and small business owners in 2009. What we're hearing is that customers are sometimes being charged for these 'free trials' if they fail to cancel within the trial period. We're also hearing that some customers are being billed for the products they don't receive and then have trouble getting billing issues straightened out. If you're looking for health products online, here are some things you need to know:
1. Before taking any weight-loss supplement or trying a new health product, you'll want to be sure to consult a health care professional. Some websites offering products like these make unrealistic claims or give advice which could be damaging to your health. Make sure you know what you're buying and that the claims marketers are making have basis in fact and won't jeopardize your health.
2. Before purchasing health products online, check out the seller first. You can do so at www.bbb.org. When you're researching companies, don't just enter their name. You can also do advanced searches using phone numbers and web addresses. Remember, the more fantastic the health claim, the greater the odds customers somewhere have been disappointed by the product.
3. Make sure you understand all the terms of any offer you receive. Many times important information (such as future billings which will commence if you fail to cancel within a given timeframe) is buried deep in the fine print. Or else you have to click through multiple links to gather all the information you need to evaluate the offer. If you have concerns about an offer you receive, trust your instincts. If something doesn't feel right, take a step back and do some more investigating.
4. Finally, consumers shopping online should look for the BBB seal on websites and click on the seal to confirm its legitimacy. And of course, consumers can always contact the BBB directly with questions, concerns and complaints.
Getting healthy is always an admirable goal; just be sure you're keeping an eye on your financial health as well - investigate before you invest!
BBB Announces 2009 Statistics, Scam Predictions for 2010
January 12, 2010 – Saint Paul, Minnesota
The Better Business Bureau of Minnesota and North Dakota (BBB) has compiled its statistics for 2009 and is announcing the Top Ten industries for customer complaints and inquiries, as well as total instances of service to the public - 1,733,975 - a new record for the BBB.
The BBB handled over 25,500 complaints in 2009, resolving nearly 92% of them. "2009 is barely in our rear view mirror and we’re working hard to analyze the data for trends," said Dana Badgerow, president and CEO of the BBB. "The statistics that emerge from the past year will allow us to identify the industries that most need our help in decreasing complaints and increasing consumer trust."
Despite the troubles the auto industry has experienced recently, complaints against auto dealers topped our list last year. Complaints against contractors were also prevalent, as evidenced by the five categories in the construction field which made the list. The construction industry also topped the list of inquiries from the public the BBB received in 2009. Work-At-Home offers were #7 on that list, likely a result of an increase in offers of that nature and the continued high unemployment rate.
Predictions for 2010:
The BBB has received thousands of calls about scams that affected consumers this past year. The unique role we play gives us insight into current trends and helps us to predict what is likely to head our way in the coming year. Based on our observations, here are some scams to be on the lookout for in 2010!
Census Scams. Scammers may use the Census in an attempt to ‘phish’ and get personal information from consumers via email. Census information will NOT be collected by email.
‘Green’ Remodeling Offers. When working with a contractor, homeowners should have a clear understanding of what makes a product green and the precise advantages and disadvantages of that item. Consumers should verify that the products offered are eligible for advertised rebates or tax incentives.
Job Scams. Seeking to take advantage of high unemployment rates, scammers will try to rope people into fraudulent re-shipping schemes or offer jobs in exchange for an upfront payment. Be aware that re-shipping schemes are illegal and legitimate employment offers do not require any payment upfront.
Pre-Acquired Account Marketing ‘Offers.’ After making purchases online, customers receive pop-ups offering discounts which appear to come from the retailer. However, the pop-ups come from third-party companies and by clicking on these offers to save, customers unknowingly sign up for memberships, which result in monthly billings (usually far greater than the initial offer of savings) to their credit cards – even when they haven’t directly provided their credit card numbers. Agreements between online retailers and these third-party companies allow customer credit card information to be shared. Customers should be alert when presented with these offers and make sure they understand all the terms of offers they receive.
IRS-related scams. These tend to flare up as tax season approaches. The IRS reminds people that they do not discuss tax account matters with people by email.
Wireless security breaches. Consumers need to be aware that unless they take precautions, their personal information can be compromised when they utilize public Wi-Fi connections.
Fake online classified ads or auction sales. Customers respond to online offers or auctions that are too good to be true, only to find out they don’t get the promised product and their personal information (credit card number) has been compromised.
Gift card scams. This occurs when people buy gift cards from auction sites at reduced prices and then discover the cards are blank or nearly depleted of value. It’s best to purchase a gift card directly from the merchant.
Smishing scams. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a Web site URL. However, it has become more common to see a phone number that connects to an automated voice response system.
ABA WARNS OF FRAUDULENT EMAILS
WASHINGTON, Jan. 26 - The American Bankers Association has been alerted that someone or a group of individuals sending emails purporting to be from ABA are actually part of a scam commonly known as phishing. These con artists are sending emails asking people to click on a link for more information -- a popular technique to get financial information from the email recipient.
Phishing for financial information has been a long-standing practice. However, criminals are increasingly phishing for access to corporate, small business and government accounts and using that access to withdraw large sums of money from those accounts. Clicking on the link could enable fraudsters to download malicious software on to victims' computers and steal bank passwords and other account information.
The emails inform recipients that an "unauthorized transaction" has been charged to their account using their "bank card." The amount of the transactions is typically between $3,000 and $7,000. ABA would never contact a consumer and ask for financial information.
ABA is working with law enforcement to identify the source of the emails and to disrupt them. ABA offers the following advice to consumers, business and government organizations:
Never give out financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem. If you are uncertain, call your financial institution or the organization that is purportedly contacting you using a phone number you know is safe.
If you have already responded to this type of call or email by providing financial information, contact your financial institution immediately to protect your account.
Be extremely cautious about clicking on links within unsolicited emails. When in doubt, contact the organization purportedly sending the email.
Inform the ABA about fraudulent phone calls and emails that use ABA's name by sending an email to firstname.lastname@example.org.
SPAMMERS CONTINUE TO ABUSE THE NAMES OF TOP GOVERNMENT EXECUTIVES BY MISUSING THE NAME OF THE UNITED STATES ATTORNEY GENERAL
10/27/09 - As with previous spam attacks, which have included the names of high-ranking FBI executives and names of various government agencies, a new version misuses the name of the United States Attorney General, Eric Holder.
The current spam alleges that the Department of Homeland Security and the Federal Bureau of Investigation were informed the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.
DO NOT RESPOND. THESE E-MAILS ARE A HOAX.
Government agencies do not send unsolicited e-mails of this nature. The FBI, Department of Justice, and other United States government executives are briefed on numerous investigations, but do not personally contact consumers regarding such matters. In addition, United States government agencies use the legal process to contact individuals. These agencies do not send threatening letters/e-mails to consumers demanding payments for Internet crimes.
Consumers should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware.
It is imperative consumers guard their Personally Identifiable Information (PII). Providing your PII will compromise your identity!
If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.
E-mail Claiming to Be From the FDIC - October 26, 2009
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: "check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mail then asks recipients to "visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage" (a fraudulent link is provided). It then instructs recipients to "download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage."
This e-mail and associated Web site are fraudulent.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
Minnesota Department of Public Safety - March 12, 2009
St. Paul - The year-round con artists' scam to bilk seniors by pretending to be their grandchildren, abroad, in trouble, and in need of cash - spikes during students' spring break travel period, according to the Minnesota Department of Public Safety (DPS) Alcohol and Gambling Enforcement Division (AGED).
AGED warns Minnesota grandparents to exercise caution if they receive phone calls from "grandchildren" requesting money for an urgent situation. Hallmarks of the fraud include a family member, or third-party representing them such as a police officer or border agent; an urgent need for immediate funds; and a demand for secrecy.
Typically in the scam, the caller will say, "Grandma, it's me, your grandchild," and wait for the grandparent to answer, "Jimmy, is that you?" The scammer then claims they need funds wired immediately to cover a vehicle crash, an arrest, border taxes or medical needs. Stressing their embarrassment, the caller urges the grandparent not to inform their parents or friends.
Scammers often can obtain enough accurate background information from the Internet, family tree Web sites, and even newspapers to make the fraudulent calls-for-help appear legitimate. They also rely heavily on leading questions to which grandparents willingly supply the answers.
The timing of spring break travel adds legitimacy to the calls, with many fake calls claiming to be from popular student warm-weather destinations such as Mexico and Jamaica. However, calls purporting to be from Canada lend credibility to the scam throughout the year, given its proximity to Minnesota.
"It's an amoral low as these criminals feed on the trust and goodwill of grandparents responding to perceived danger for their loved-ones," notes AGED Director John Willems. "But it's very real, and our office receives complaints about this scam regularly and year-round."
Willems offers tips to grandparents - and their family members - on how to avoid being taken by this increasingly popular scheme: Make sure of the caller's identity. Don't provide names or other information. Ask something that only the grandchild would know. Verify the location of the family member by calling another family member or friend. Resist the pressure to act quickly. Scammers depend on immediacy and will emotionally leverage love and embarrassment to induce their targets to wire funds quickly.
Minnesotans are asked to be vigilant about scams and other criminal fraud, and to report suspected fraud to the AGED by calling toll-free 866-347-0911; submit information at www.MnScams.org; or forward suspect emails to email@example.com.
Grandparents Targeted by Would-Be Relatives in Trouble: Year-Round Scheme Gathers Steam During Spring Break Travel Period
IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting
R-2008-11, Jan. 30, 2008
WASHINGTON — The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond.
The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up.
The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft.
Typically, identity thieves use a victim’s personal and financial data to empty the victim’s financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name, file fraudulent tax returns or even commit crimes. Most of these fraudulent activities can be committed electronically from a remote location, including overseas. Committing these activities in cyberspace allows scamsters to act quickly and cover their tracks before the victim becomes aware of the theft.
People whose identities have been stolen can spend months or years — and their hard-earned money — cleaning up the mess thieves have made of their reputations and credit records. In the meantime, victims may lose job opportunities, may be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.
The most recent scams brought to IRS attention are described below.
Rebate Phone Call
At least one scheme using the word “rebate” as part of the lure has been identified. In that scam, consumers receive a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early. The caller then states that he needs the target’s bank account information for the direct deposit of the rebate. If the target refuses, he is told that he cannot receive the rebate.
This phone call is a scam. No legislation has yet been enacted that would allow the IRS to provide advance payments to taxpayers or that determines the details of those payments. Moreover, the IRS does not force taxpayers to use direct deposit. Those who opt for direct deposit do so by completing the appropriate section of their tax return, with bank routing and account information, when they file; the IRS does not gather the information by telephone.
The IRS has seen several variations of a refund-related bogus e-mail which falsely claims to come from the IRS, tells the recipient that he or she is eligible for a tax refund for a specific amount, and instructs the recipient to click on a link in the e-mail to access a refund claim form. The form asks the recipient to enter personal information that the scamsters can then use to access the e-mail recipient’s bank or credit card account.
In a new wrinkle, the current version of the refund scam includes two paragraphs that appear to be directed toward tax-exempt organizations that distribute funds to other organizations or individuals. The e-mail contains the name and supposed signature of the Director of the IRS’s Exempt Organizations business division.
This e-mail is a phony. The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.
Filing a tax return is the only way to apply for a tax refund; there is no separate application form. Taxpayers who wish to find out if they are due a refund from their last annual tax return filing may use the “Where’s My Refund?” interactive application on this Web site, IRS.gov. The only official IRS Web site is located here at www.irs.gov.
Another new scam brought to IRS attention contains features not seen before by the IRS. Using a technique calculated to get almost anyone’s attention, the e-mail notifies the recipient that his or her tax return will be audited. This is the first scam of which the IRS is aware that uses the threat of an audit to get the victim to respond.
Unusual for a scam e-mail, it may contain a salutation in the body addressed to the specific recipient by name. Most scam e-mails seen by the IRS are sent using the same technique used by spammers, in which hundreds of thousands of messages are sent to potential victims based on Internet address. Because of the volume, the typical scam e-mail is not personalized.
This e-mail instructs the recipient to click on links to complete forms with personal and account information, which the scammers will use to commit identity theft.
This e-mail is a phony. The IRS does not send unsolicited, tax-account related e-mails to taxpayers.
Changes to Tax Law e-Mail
This bogus e-mail is addressed to businesses, accountants and “Treasury” managers. It instructs them to download information on tax law changes by clicking on a series of links to publications on businesses, estate taxes, excise taxes, exempt organizations and IRAs and other retirement plans. The IRS believes that clicking on a link downloads malware onto the recipient’s computer. Malware is malicious code that can take over the victim’s computer hard drive, giving someone remote access to the computer, or it could look for passwords and other information and send them to the scamster. There are other types of malware, as well.
The URLs contained in the links are not legitimate IRS Web addresses. All IRS.gov Web page addresses begin with http://www.irs.gov/.
Paper Check Phone Call
In a current telephone scam, a caller claims to be an IRS employee who is calling because the IRS sent a check to the individual being called. The caller states that because the check has not been cashed, the IRS wants to verify the individual’s bank account number. The caller may have a foreign accent.
In reality, the IRS leaves it entirely up to the individual to choose to cash or not cash a paper check. The IRS has no business need to know, and does not ask for, bank account or similar information, except when taxpayers indicate on their tax return that they are opting for the direct electronic deposit of their refund. In that case, however, it is the individual’s responsibility to provide the IRS with the correct bank routing and account numbers on the tax return; the IRS does not contact taxpayers to verify the information.
What to Do
Anyone wishing to access the IRS Web site should initiate contact by typing the IRS.gov address into their Internet address window, rather than clicking on a link in an e-mail or opening an attachment.
Those who have received a questionable e-mail claiming to come from the IRS may forward it to a mailbox the IRS has established to receive such e-mails, firstname.lastname@example.org, using instructions contained in an article titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” Following the instructions will help the IRS track the suspicious e-mail to its origins and shut down the scam. Find the article by visiting IRS.gov and entering the words “suspicious e-mails” into the search box in the upper right corner of the front page.
Those who have received a questionable telephone call that claims to come from the IRS may also use the email@example.com mailbox to notify the IRS of the scam.
The IRS has issued previous warnings on scams that use the IRS to lure victims into believing the scam is legitimate. More information on identity theft, phishing and telephone scams using the IRS name, logo or spoofed (copied) Web site is available on this Web site. Enter the terms “phishing,” “identity theft” or “e-mail scams” into the search box in the upper right corner of the front page.
Identity theft is America's fastest-growing crime
Last year alone, more than 9.9 million Americans were victims of identity theft, a crime that cost them roughly $5 billion.
Visit the Federal Trade Commission's ID Theft Home page if you would like more information concerning identity theft and how to protect yourself.
Be especially vigilant about:
- Phishing: fraudulent e-mails, mail or phone calls that appear to be from a well-known source asking you to verify private information such as name, account information, credit information and passwords
- Spoofing: an attacker produces a shadow copy of a legitimate website to gain access to personal information
General Tips to Prevent Abuse:
- Be wary of any unsolicited e-mails, especially those concealing the sender's true identity
- Don’t judge a website by appearances – shadow copies are often equally impressive and professional
- Regularly review account activity at your bank and quickly report questionable activity
- Review credit card account statements regularly and report discrepancies immediately
- Refrain from giving out personal data on-line or by phone
- Run anti-virus software and update frequently
- Install a personal firewall
- Change passwords often and make sure they are not easily obtainable or easy to guess
- Be wary of parties demanding advance fees
- Suspect all “checks to be deposited,” especially those from overseas or related to sweepstakes
- Shred all private information before discarding
- Treat all business checks as cash and keep account information under lock and key
- Obtain a copy of your credit report on a yearly basis and review carefully
If you should fall victim to fraud or identity theft, see the above FTC brochure and act immediately.
Free Trial Can Be Risky Business