The phone rang. My first mistake? Answering it. My second? Listening to the well-scripted gentlemen relay the following information:
"Hello Ma'am" announced a voice with a distinct, almost halting South African accent, "I am calling from the IRS in Washington D.C. and you owe us money. If you do not send me a wire transfer of what you owe us by end of day today, I will have the police come to your home and have you arrested in front of your family and neighbors."
Between the telemarketers, presidential candidate hopefuls, and random bill collectors who still call for "Denise" - the woman who apparently had my home phone number ten years ago - this call was one I needed like a hole in the head.
Well, of course, I exchanged some 'pleasantries' with the gentlemen (after all, how could I not, and BTW when did these scammers graduate from email chain letters to phony phone calls?) - and ultimately hung up on him. A couple of hours later he called again. This time it went to voicemail and again, made the same threat to me before hanging up. This happened a total of six more times within 48 hours at which point I had the number blocked and have not heard from this man - nor the IRS of course, since.
I felt compelled to call the local police department to let them know about the calls I had been getting. Being in the security space for nearly a decade, I knew there was not much they could do, but I made the report anyway. The officer I spoke with informed me that she had received more than 60 such complaints about similar calls made to residents throughout my area in just the last week alone.
With that, the sprint to tax filing season begins anew. Not only for taxpayers seeking proper refunds, but also for scammers looking to take your hard earned money and spend it living on some sun-soaked tropical island, all expenses paid. Did these cybercriminals not steal enough during the holiday shopping season?
The aforementioned "impersonator" scam is one of several the IRS warns citizens about every tax season. And, for the record (and this is a recurring theme when it comes to paying your federal taxes), the IRS will never solicit payment for taxes through the use of a credit, debit or wire transfer over the phone, demand immediate payment, or threaten to have you arrested by the local police for nonpayment. It doesn't happen and never would.
By the way, if you're at all interested in what fraudsters like this cost Uncle Sam every year, the Government Accountability Office (GAO) states it prevented a little over $24 billion in fraudulent refunds in 2013 (the most recent year statistics are available), a quarter of which (or $6 billion) were eventually confirmed to be fraudulent.
So, besides watching out for these IRS impersonator types, what else should you be aware of in the upcoming tax season?
Well, there's phishing scams, otherwise known as emails that look to be legitimate, that appear to originate from the IRS and require you to update your existing IRS e-file records immediately due to some change the IRS has initiated. Typically these phishing emails include a hyperlink to a carefully constructed 'knock-off' of the official IRS website where you enter all of your personal information in the forms provided. Of course, all of it is a complete and total sham, and you should never click on any of the links included in the email.
Coincidentally there are also emails from the IRS letting you know your return has been selected to be audited. What's new here, according to the IRS, is that unlike most spam emails that send an anonymous email to a range of Internet addresses, this email may address the taxpayer by name. As with other phishing scams, however, the email directs the taxpayer to click on a link where the taxpayer will find a bunch of phony forms to fill out, and where your routing and bank account information is required. Once you hit "send," your data is (likely to be) aggregated, stratified and otherwise used by a cybercriminal to commit identity theft in your name. To avoid this scam, remember that if the email looks suspicious, it probably is.
The bottom line in keeping your personal information safe during the upcoming tax season is to realize that the Internal Revenue Service - like most businesses, and other federal agencies for that matter - does not (even in 2016) conduct their transactions with the people who pay their salary in anything but an above-the-board manner. Not over email, not by phone, and in fact by snail mail only.
Besides, it's my hope that when it comes to this upcoming tax season and increased awareness of these scams, my "friend" representing the IRS (and who inspired this post) goes back to his routine of shooting off rounds of email spam inviting strangers to take advantage of his largesse due to some royal inheritance he feels obligated to share with them. At the very least, it will put him out of the business of making phony calls, posing as an "IRS agent" in order to take advantage of responsible tax paying people like me - and you.
Author: Heidi Bleau
Category: RSA Fundamentals, RSA Point of View, Blog Post, Securing the Digital World
Keywords: Consumer Security, Cybercrime and Fraud, IRS scams, Phishing