Phishing for Tax Scam Victims

With tax day approaching, federal officials are warning taxpayers to steer clear of e-mail scams offering fast access to tax refunds.

The IRS and the U.S. Treasury Department say bogus e-mails from the IRS have been increasing in number and sophistication since December 2005.

These so-called phishing scams — intended to pry personal information from unwitting victims that criminals can use to access bank accounts, credit cards or commit identity theft — are expected to increase shortly after April 17, the filing deadline for 2005 returns.

“It’s a bigger problem right now than we ever imagined it would be,” said Bonnie Heald, spokesperson for the Treasury Inspector General for Tax Administration. The division of the U.S. Treasury Department investigates IRS-related phishing reports with the U.S. computer emergency readiness team run by the Homeland Security department.

Heald said the department has been deluged with complaints about phishing this year. Investigators identified 64 separate scams apparently originating in 25 different countries, including the U.S., Aruba, Italy, Austria, England and Canada.

One phishing scheme, which comes disguised as an e-mail from the IRS, asks recipients to click on an embedded link in order to claim their tax refunds. After doing so, they are asked to provide their bank account information and social security numbers.

In another e-mail scam, recipients are advised that they are “under audit” and asked to divulge private financial information.

Falsely using the IRS seal on a Web site or in an e-mail is a federal offense. Phishers who do so face up to five years imprisonment, a $250,000 fine or both.

So far, no one has been prosecuted for running an IRS phishing scam, although the Treasury Department has helped to shut down 69 phishing Web sites in 2006, Heald said.

“They often quickly pop up in different places right after we do that,” she added. “It’s an international cat and mouse game.”

The IRS annually provides a list of current scams and schemes, dubbed the Dirty Dozen.

This year, phishing ranks third on the list.

“Every tax season brings some sort of scam to the fore as unscrupulous people try to take advantage of the tax season,” said IRS spokesperson Nancy Mathis. “Phishing is just a high-tech version of what’s gone on in the past, with entities falsely claiming to be the IRS.”

Mathis said the IRS does not contact taxpayers via e-mail to discuss any part of their tax returns, but they do send out e-mails with news releases and other guidance.

“If any taxpayer has any questions about the validity of any IRS contact, whether it’s by person, mail or telephone, they can check it out by calling 1-800-829-1040.”

The IRS has an outstanding track record for security. More than 600 million tax returns have been filed electronically over the last 20 years with no security incidents.

Back in 1986, only professional tax preparers from the larger firms could file clients’ taxes electronically, and 25,000 refund-only individual income tax returns were transmitted by dial-up modem over secured phone lines from three locations, Cincinnati, Raleigh-Durham and Phoenix.

By 1996, citizens could file their taxes returns from their home computers. The practice has caught on steadily since then, bolstered in part by the availability of tax preparation software.

The IRS is reporting an increase of 17 percent of consumers tax filing from their home computers this year. Tax refunds are being direct-deposited at an increase of 67 percent this year.

Most filings still come from tax preparers, Mathis said, but the fastest growth area is in self-prepared returns. Last year 68.4 million out of 140 million tax returns were filed electronically.

Meanwhile, the National Cyber Security Alliance, a public-private partnership whose sponsors include the Department of Homeland Security and the Federal Trade Commission, warns that the tax phishing problem could get worse after tax day.

“A lot of these e-mails have to do with the status of your tax refund and what you’re owed,” said Ron Teixeira, executive director of the National Cyber Security Alliance.

“If a consumer gets that now [before tax day] and they haven’t filed taxes, they won’t think twice about it. After April 17, they are more likely to take the bait.”

News Around the Web