Email Scams and Identity Theft

The days are getting longer. The crocuses and tulips are blooming. Familiar birds have returned to begin nest building. The air is warm and the phish are biting.

Along with more welcome harbingers of spring, email scams and identity theft phishing expeditions are sure signs that spring and tax season are right around the corner. As reliably as spring follows winter, every year there’s an up tick in the number of tax-related scams as tax season approaches its peak.

Bogus TurboTax and IRS emails resurfacing

If you’re one of the seven million people who bought TurboTax this year, don’t be fooled by an email from “Turbotax.com” or “turbotax.us” about updating their software. TurboTax emails will always come from Intuit.com, and would never request personal info, according to the TurboTax Support Site.

Another spring perennial is the one senders claim is from the Internal Revenue Service. Don’t let an email elicit excitement about your pending return, or anxiety over a pending audit. Both tactics are being used this year, and in a new twist, the recipient’s real name may be used in the email.

The IRS has also received copies of email scams promising recipients advance payments on their tax rebates. No matter how official the email looks, the IRS will never initiate contact by email. If you have received this or other suspicious emails sent under the apparent auspices of the IRS, never click on any of the links. Forward the email to phishing@irs.gov or file a report with the IRS by calling 1-800-829-1040.

Tips for identifying and avoiding phishing emails and scams

The objective of a phishing email is to trick you into divulging personal information that senders can use to commit identity theft. Any unsolicited email you receive that requests your Social Security number, credit card account numbers, bank account numbers or PINs, is most likely a phishing expedition.

• Senders will try to induce panic by threatening to close your account, tack on fines or fees to an existing account, or withhold money owed you. Keep a cool head. If you receive a suspicious email, call the reputable source directly to make inquires about the validity of the email.
• Watch out for emails with a general salutation, such as Dear Cardholder, Dear Taxpayer, Dear Bank Customer, Dear User, Dear Subscriber, etc. If someone is asking for something as personal and sensitive as an account number or your SSN, shouldn’t they at least know your name?
• Email scams and phishing emails are frequently sent from overseas. Common telltale signs are misspelled words or awkward grammar.
• Don’t let look-alike graphics and logos fool you. Very often, the original graphics are copied directly from a legitimate website.
• Do not click on any links. Never open any attachments.

For the month of December 2007, APWG, the Antiphishing Working Group, identified more than 25,000 unique phishing email, linked to more than 2,200 websites hosting weblogging. Once you connect one of these sites, thieves can begin recording your keystrokes, thereby gaining your passwords, account numbers, PINs, SSN and more.