One of our clients recently contacted me about an email he had received from the IRS. He wanted to know why the IRS would be contacting him by email. And why was the IRS asking him for personal information? Was the email legitimate? A little digging uncovered the answer.
Internet scammers are now going after the biggest target of all, taxpayers. IRS and treasury department officials have noticed an increase in email “phishing” scams this winter. The scammers are using the IRS logo in emails that seek to entice taxpayers to disclose personal information by telling people they are due a refund. The emails look real. But the IRS doesn’t communicate with taxpayers via email. So any email purporting to come from the IRS is a fake.
“Phishing” (pronounced “fishing”) is an Internet scam that seeks to trick people into giving up their usernames and passwords so that the scammers can plunder Internet users’ financial accounts or steal personal information for identity theft schemes. Some of these scams are very well done, with perfect graphics and content that sounds just like it came from a legitimate source. Citibank customers have been a big target. Customers of the online payment service PayPal has also been hit with this type of scam.
Here is how a typical email phishing scheme works. The Internet savvy may note that the email address in the header of the email looks legitimate, lending the email an air of authenticity. But the real key to the scam is in the link that they want you to click in the email. Click the link and you are directed to an official looking page on the scammer’s website. The webpage will have fields for you to enter information like bank account numbers, passwords, social security number, and so on.
How do they get you to enter such information? Sometimes the scammers promise a reward (in the IRS case, a refund), and sometimes they tell you that your account information has been compromised and they need confirmation of your account information to thwart the bad guys (as in the Citibank and PayPal scams). The scammers are particularly good at preying on your fears.
So how do you know if such an email is a scam? No reputable, legitimate company should ever solicit private, personal information about you via email. Still in doubt about the legitimacy of the email? Call the company to get confirmation. (Don’t use the contact phone number provided in the email!) And then consider whether you want to do business with a company that would ask you for such information via an unsolicited email. They are putting you and your financial health in jeopardy.
Sometimes it’s a jungle out there. Let’s be careful!