IRS Warns of New Online Tax Scams: Protect Yourself
Scam artists exploiting tax season have devised a range of new online cons: fake tax documents that contain malicious surprises; mass distribution of keyloggers aimed at snatching the identity of PC-based tax filers; and e-mail messages containing links to Web sites that promise new tax code information but instead push malware onto your PC.
That's not all, according to the Internal Revenue Service. This year, identity thieves are not just trying to gain access to your bank account or to open lines of credit in your name. Scammers are on the prowl for ordinary citizens' identities that they can they can use in filing phony tax returns
Tax Scam 2.0
Why the increase? Fewer taxpayers are using old-fashioned paper forms for preparing and submitting
Stimulus Package Stimulates Scammers
Several states are warning that con artists are using thehighly publicized rebate checks associated with the 2008 federal economic stimulus package as a ploy to get you to divulge personal financial information.
Massachusetts attorney general Martha Coakley says that some state residents have received bogus e-mail messages that purport to be from a government agency such as the IRS or Social Security Administration. The messages request personal information that supposedly would expedite the turnaround time of either a tax refund or a stimulus rebate check.
For the record, the federal government expects to issue economic stimulus rebate checks sometime in May or June. IRS refund checks typically arrive within three weeks of the date when you e-file your return.
Coakley warns that some fraudulent e-mail messages contain links to fake government Web sites that request your Social Security number and bank account numbers so that the IRS can process a rebate check. If you resist disclosing the information, the site informs you that
Tax Hacks With Lax 'Facts'
Another tax scam involves e-mail messages that target accountants, businesses, and individuals, notifying them of supposed changes in tax laws. These phishing messages direct the recipient
The IRS reports having received numerous complaints from people who have downloaded bogus documents to their computer--only to discover that the documents contained malicious code designed to transfer control
Similarly, according to complaints fielded by the IRS, a growing number of tax-themed e-mail messages contain links to Web sites (not files for download) that attempt to install malware on the visitor's PC.
One variation on this gambit informs non-U.S. citizens who reside in the United States that they must either visit a Web site or fill out an enclosed W-8BEN tax form to establish appropriate tax withholding. Recipients are asked to fill out the form (which is bogus) and to supply account numbers, personal identification numbers, their mother's maiden name, and their passport number.
We Do Your Tax Return for You--And Keep the Refund
Identity thieves can be remarkably brazen.
WXYZ, the ABC television affiliate in Detroit, reported that a Michigan woman, Maria Mendoza, lost $4000 when a crook stole her identity and then visited a local H & R Block office to file a tax return, posing as Mendoza. After submitting the return, the scammer asked to receive her $4000 tax refund on the spot, using a Block service called a Rapid Refund debit card.
Avoid Getting Ripped Off
Here are some safeguards to help you steer clear of tax scams:
- Ensure that your Windows desktop protection is current by going to Windows Update. Confirm that you have an updated antivirus software program running on your PC.
- When real IRS employees have questions or concerns about a tax return, they typically contact the consumer by telephone, not via e-mail.
- If you receive a dubious e-mail message that claims to have been sent by the IRS, report it to the tax agency at email@example.com. To check the legitimacy of any e-mail communication or
phone call from  a person who claims to be an  IRS agent, call the IRS (1-800-829-1040).
- Don't click links or call telephone numbers included in suspect messages. Instead, contact the bank or the IRS directly by using phone numbers or addresses listed in published directories.
- Double-check the URLs you type into your Web browser. Mistyping a URL can transport you to a rogue site instead of to the one you want.
- Don't open e-mail attachments. In particular, e-mail attachments with ".scr," ".com," and ".exe" file extensions are likely malicious.