Scam artists exploiting tax season have devised a range of new online cons: fake tax documents that contain malicious surprises; mass distribution of keyloggers aimed at snatching the identity of PC-based tax filers; and e-mail messages containing links to Web sites that promise new tax code information but instead push malware onto your PC.
That's not all, according to the Internal Revenue Service. This year, identity thieves are not just trying to gain access to your bank account or to open lines of credit in your name. Scammers are on the prowl for ordinary citizens' identities that they can they can use in filing phony tax returns and fraudulently claiming refunds, as well as to swipe rebates associated with the 2008 federal economic stimulus package.
Security experts at Webroot Software report seeing a new wave of keyloggers (programs that secretly record every character you type), system monitors, and viruses leading up to prime tax filing season. Webroot's Threat Research Team says that more than 1200 new key-logging programs and 336 versions of system monitoring spyware have been found and defined in the past month alone.
Why the increase? Fewer taxpayers are using old-fashioned paper forms for preparing and submitting their taxes. According to Webroot's figures, a record 22 million taxpayers filed their taxes from a home computer last year, up 11 percent from the previous year. Scammers know this and figure that your identity is especially vulnerable to theft when you're filling out your tax documents with a software program or filing them over the Internet.
Several states warn that con artists have already begun the highly publicized rebate checks associated as a ploy to get you to divulge personal financial information.
Massachusetts attorney general Martha Coakley says that some state residents have received bogus e-mail messages that purport to be from a government agency such as the IRS or Social Security Administration. The messages request personal information that supposedly would expedite the turnaround time of either a tax refund or a stimulus rebate check.
For the record, the federal government expects to issue economic stimulus rebate checks sometime in May or June. IRS refund checks typically arrive within three weeks of the date when you e-file your return.
Coakley warns that some fraudulent e-mail messages contain links to fake government Web sites that request your Social Security number and bank account numbers so that the IRS can process a rebate check. If you resist disclosing the information, the site informs you that you won't be able to receive your rebate.Tax Hacks With Lax 'Facts'
Another tax scam involves e-mail messages that target accountants, businesses, and individuals, notifying them of supposed changes in tax laws. These phishing messages direct the recipient to download "updated" tax documents that reflect the new tax laws.
The IRS reports having received numerous complaints from people who have downloaded bogus documents to their computer--only to discover that the documents contained malicious code designed to transfer control over the PC to a third party.
Similarly, according to complaints fielded by the IRS, a growing number of tax-themed e-mail messages contain links to Web sites (not files for download) that attempt to install malware on the visitor's PC.
One variation on this gambit informs non-U.S. citizens who reside in the United States that they must either visit a Web site or fill out an enclosed W-8BEN tax form to establish appropriate tax withholding. Recipients are asked to fill out the form (which is bogus) and to supply account numbers, personal identification numbers, their mother's maiden name, and their passport number.
Identity thieves can be remarkably brazen.
WXYZ, the ABC television affiliate in Detroit, reported that a Michigan woman, Maria Mendoza, lost $4000 when a crook stole her identity and then visited a local H & R Block office to file a tax return, posing as Mendoza. After submitting the return, the scammer asked to receive her $4000 tax refund on the spot, using a Block service called a Rapid Refund debit card.
Here are some safeguards to help you steer clear of tax scams:
- Ensure that your Windows desktop protection is current by going to Windows Update. Confirm that you have an updated antivirus software program running on your PC.
- When real IRS employees have questions or concerns about a tax return, they typically contact the consumer by telephone, not via e-mail.
- If you receive a dubious e-mail message that claims to have been sent by the IRS, report it to the tax agency at email@example.com. To check the legitimacy of any e-mail communication or phone call from a person who claims to be an IRS agent, call the IRS (1-800-829-1040).
- Don't click links or call telephone numbers included in suspect messages. Instead, contact the bank or the IRS directly by using phone numbers or addresses listed in published directories.
- Double-check the URLs you type into your Web browser. Mistyping a URL can transport you to a rogue site instead of to the one you want.
- Don't open e-mail attachments. In particular, e-mail attachments with ".scr," ".com," and ".exe" file extensions are likely malicious.