Thursday, March 16, 2006

IRS phishing scam: Part 2

Phishing = pretending to be a company or individual, the government or even your mom, and trying to get you to provide your sensitive personal information, like social security number, bank account, insurance ID number, health records, etc. It often involves going to some imitation web site, where you fill out a form.

These phishing criminals are wanting to steal your ID, and ID theft could take much expense and up to 3 years to totally clear up...while you lose your house, your car, your life savings, etc. Can you say "wipe out"?

The most famous phishing scams are when criminals pretend to be PayPal, eBay, and Wells Fargo or other banks.

Never give your email address to your bank. They don't need it. Don't give it to your doctor or any hospital. That way, every single time you receive an email "from" your bank, doctor, hospital, the IRS, or other trusted organization, you'll automatically know it is a phishing scam.

If you think some organization might have your email address, and might really be trying to reach you, just go to their site and visit the appropriate page, like "My Account".

Here's what the IRS web site says.

"Overview of IRS Phishing Activity" February 2006


Since November, 2005, the Treasury Inspector General for Tax Administration (TIGTA) has received numerous complaints regarding “phishing” schemes which purport to be from the Internal Revenue Service (IRS) and solicit personal and financial information from American taxpayers.

TIGTA determined that these complaints were associated with 12 separate phishing schemes traced to 11 separate countries.

"Phishing" has been defined “as a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses.

These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers,” according to Computerworld magazine.

The term "phishing" arises from the use of increasingly sophisticated lures to “fish” for users.

The current phishing schemes that utilize the IRS as the bait begin by an email that is sent out using the same techniques employed by “spammers.”

Hundreds of thousands of messages are sent to potential victims advising the e-mail recipients that they are under investigation by the IRS or that they have a refund pending from the IRS. The email then asks the intended victim to click on a link contained within the email to “access the IRS website.”

The link is created to appear that it is authentic and government sponsored. The link connects the victim to a site that, from all outward appearances, appears to be legitimate, and then prompts the victim for personal identifiers, credit card numbers and credit card pin numbers.

The phishing sites appear legitimate because most of the content is obtained from an actual page on the IRS website, which is then modified by the “phishers”.

TIGTA has been instrumental in working with the IRS Computer Security Incident Response Capability (CSIRC), the US Computer Emergency Readiness Team (US-CERT), and various Internet Service Providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.

To date, TIGTA investigations have identified 12 separate IRS phishing sites from the following 11 different countries: United States, Aruba, Italy, Austria, England, Canada, Germany, Mexico, Argentian, Korea and Singapore.

The IRS never sends out unsolicited emails, and under no circumstances, requests credit card information and pin numbers through email.

Persons receiving emails that claim to be from the IRS should not attempt to visit any site contained within the email and should report suspicious emails to TIGTA or IRS.

Recipients of these emails should notify the TIGTA toll-free Hotline at 1-800-366-4484 or via TIGTA's Web site.


1 comment:

MARYBETH said...

Hello SS,
You must be feeling better =)
Just wanted to give ya a little reminder nudge that Miss Carrie is in hospital now having baby. thought ya might want to leave a message, so she will have lots of them when she returns....oh I cant wait to know all is well!!!
I hope you are too VTG =)