Scam of the day – October 19, 2012 – New IRS scam

Many of us pay our taxes online and many of us have a refund deposited electronically into our bank accounts.  It is a quick and efficient way to pay your taxes and get your refund safely.  However, scam artists are aware of this and are sending out phony emails purporting to be from the IRS telling their victims that their refund deposit failed and asking the potential victim to click on a link for the details of how to remedy the situation.  Of course, if you click on the link, what you will end up doing is downloading keystroke logging malware that will enable the scammer to steal all of the information from your computer.  Some of the notices are even followed up with another email telling you that it is a second notice and that your refund is being cancelled unless you click on the link to remedy the situation.  Don’t click on the link.

TIPS

Never click on links unless you are positive that it is legitimate and even then you cannot be sure, if it is something being sent by a friend that they are not passing on something to you that they do not realize is infected.  In regard to this particular phishing scam, although the email looks legitimate, it does not include your name and the address line on the email  and indicates it was sent from an email address other than the IRS.  However, even if the email address appears to be from the IRS, it is easy to spoof or copy the address to make it appear that it is from the IRS.   The safe thing to do if you have any questions as to the legitimacy of such an email is to call or email the IRS.

What is Smishing?

Smishing is similar to phishing on your computer, but this time the scammers message comes as a text message on your cell phone.  Often it comes purportedly from your bank telling you that your account has been frozen and then asks you to provide personal information or your account will be frozen.  Smishing is also used by scammers, particularly during the holidays to appear to provide free coupons or free coupons.

TIP

Never respond to a smishing message.  By so doing you only succeed in telling the scammer that you are out there.  Never provide personal information in response to a text message from anyone.  If you believe the message may be legitimate, contact the entity at a telephone number or website that you know is accurate.  Don’t download coupons from emails or text messages.  Again, if you think it may be legitimate, go to the website of the company that you know is legitimate and download the coupons there.

What is Phishing?

Phishing occurs when an identity thief lures you through a phony email that purports to be from a bank, another legitimate company or even the IRS or other governmental agency to a phony website that looks like the website of that legitimate company, but actually is just a con to entice you into providing personal financial information.    Often phishing scams prey upon our fears by telling us that our accounts have been compromised and that if we do not provide verifying information, our accounts will be closed.

Clicking through to the phony websites also carries the risk of unwittingly downloading malware such as keystroke logging programs that once installed on your computer provide the scammer with all of the information found about you on your computer. This information can be used to make you a victim of identity theft or even to empty your bank accounts if you use your computer for online banking.

TIP

Never click on a link to a website unless you are totally sure that it is legitimate.  Trust me you can’t trust anyone.  Even if you receive an email from someone you trust, it may not be from them at all, but rather from someone who has hijacked their email or even if it is from them, they may have, in turn, fallen prey to a scam artist and may be passing along dangerous malware without even knowing it.

Install antiphishing software on your computer to warn you before going to a website that may be tainted.  A good, free antiphishing software can be found at www.toolbar.netcraft.com.