Security

IRS Warns of New Online Tax Scams: Protect Yourself

Tax Hacks With Lax 'Facts'

Another tax scam involves e-mail messages that target accountants, businesses, and individuals, notifying them of supposed changes in tax laws. These phishing messages direct the recipient to download "updated" tax documents that reflect the new tax laws.

The IRS reports having received numerous complaints from people who have downloaded bogus documents to their computer--only to discover that the documents contained malicious code designed to transfer control over the PC to a third party.

Similarly, according to complaints fielded by the IRS, a growing number of tax-themed e-mail messages contain links to Web sites (not files for download) that attempt to install malware on the visitor's PC.

One variation on this gambit informs non-U.S. citizens who reside in the United States that they must either visit a Web site or fill out an enclosed W-8BEN tax form to establish appropriate tax withholding. Recipients are asked to fill out the form (which is bogus) and to supply account numbers, personal identification numbers, their mother's maiden name, and their passport number.

We Do Your Tax Return for You--And Keep the Refund

Identity thieves can be remarkably brazen.

WXYZ, the ABC television affiliate in Detroit, reported that a Michigan woman, Maria Mendoza, lost $4000 when a crook stole her identity and then visited a local H & R Block office to file a tax return, posing as Mendoza. After submitting the return, the scammer asked to receive her $4000 tax refund on the spot, using a Block service called a Rapid Refund debit card.

Avoid Getting Ripped Off

Here are some safeguards to help you steer clear of tax scams:

  • Ensure that your Windows desktop protection is current by going to Windows Update. Confirm that you have an updated antivirus software program running on your PC.
  • When real IRS employees have questions or concerns about a tax return, they typically contact the consumer by telephone, not via e-mail.
  • If you receive a dubious e-mail message that claims to have been sent by the IRS, report it to the tax agency at phishing@irs.gov. To check the legitimacy of any e-mail communication or phone call from a person who claims to be an IRS agent, call the IRS (1-800-829-1040).
  • Don't click links or call telephone numbers included in suspect messages. Instead, contact the bank or the IRS directly by using phone numbers or addresses listed in published directories.
  • Double-check the URLs you type into your Web browser. Mistyping a URL can transport you to a rogue site instead of to the one you want.
  • Don't open e-mail attachments. In particular, e-mail attachments with ".scr," ".com," and ".exe" file extensions are likely malicious.

Subscribe to the Security Watch Newsletter

Comments