Page 1 of 2

IRS fishing fraud of the day....

Posted: Tue May 26, 2015 2:38 pm
by Duke2Earl
Today's email included the following... I did not click the link.... I just wonder how many believe this obvious fraud.

Dear IRS User,

This is an Important Message regarding your IRS Filing, from previous year and current year.
Our system indicates you have some changes in your record and We will like you to kindly follow up on
your update by clicking the Update Below,
To avoid future difficulty with IRS services.

https://www.IRS.gov/e/rpp/340635864/taxpayers%/1000293838473/?hs=true&tok=1-rJdIbSwdD382a1

Failure to do so, IRS will leave your Information Flagged on the system which will lead to taking other

actions before the next filing period.

IRS will never share taxpayers personal information with third party.

Sincerely,
IRS Online Services

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 2:56 pm
by fortinbras
I'm afraid to try that link. What happens to someone who clicks on it?

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 3:05 pm
by LaVidaRoja
Did you forward the entire post to TIGTA?

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 5:11 pm
by Hyrion
Based on images as provided by http://whois.domaintools.com/ it appears to be reasonably legit.

However - any unsolicited emails requesting information updates should be treated with extreme caution. Any official site can easily be duplicated in look-n-feel.

Further research at http://network-tools.com/ indicates the canonical name is: a321.dscb.akamai.net

And it's aliased as:
http://www.irs.gov
http://www.edgeredirector.irs.akadns.net

The registrar appears to be: TUCOWS DOMAINS INC.

It appears the organization it is registered to is: Akamai Technologies, Inc. (AKAMAI)

Seems to be associated with "8 Cambridge Center" so it could be a cracker working out of MIT.

Akamai Technologies appears to be a cloud services provider. I personally wouldn't trust such information as Tax info to the Cloud.

Whatever it is, current information =

    highly suspicious

Especially when you consider the fact that if you filled out your tax forms correctly, the IRS already has all your current information.

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 6:20 pm
by The Observer
Hyrion wrote:Especially when you consider the fact that if you filled out your tax forms correctly, the IRS already has all your current information.


But even more suspicious is the fact that the IRS has no current policy in place where they would contact taxpayers by e-mail to request information or to go to a website to provide information that is sensitive and covered by privacy laws. Such contact is done by correspondence.

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 7:13 pm
by Famspear
The Observer wrote:
Hyrion wrote:Especially when you consider the fact that if you filled out your tax forms correctly, the IRS already has all your current information.


But even more suspicious is the fact that the IRS has no current policy in place where they would contact taxpayers by e-mail to request information or to go to a website to provide information that is sensitive and covered by privacy laws. Such contact is done by correspondence.


Yes, and even IRS personnel with whom I deal on a repeated basis will not send me an Email. (They can be set up to receive Emails, but for the IRS to send an Email to a taxpayer or a practitioner is still verboten as a general rule, as far as I know.)

Faxes from the IRS are OK, but again that's generally where I have initiated the contact; the IRS doesn't send me a fax "out of the blue." Most initial contacts made by the IRS seem to be by regular U.S. mail.

One possible exception to the "IRS will not send you an Email" rule of which I am aware is the situation where I log on to the IRS web site (with a password, of course) to download account transcripts where I have a power of attorney for a given taxpayer. There might be an option to receive the transcripts from the IRS by Email. If there is, I don't use that option. (I just tried to check on this to verify it, but that part of the IRS web site appears to be "down" at the moment.) But, even there, I as the practitioner -- who is requesting transcripts -- would be the person initiating the activity.

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 7:43 pm
by noblepa
Last week, I received a message on my home answering machine, saying that the IRS was about to file a lawsuit against me and that I should call them back.

Interestingly, the number on caller id, which may have been spoofed, was, in fact a Washington, DC (area code 202) number.

Needless to say, I did not call them back. I reported it to my local police department. I know that they can do nothing, but perhaps they can let others know that scammers are calling numbers in our community.

I also reported it, along with the return number, to phishing@irs.gov.

Partly from reading this forum for the last couple of years, I know that the IRS does not use email to contact taxpayers. I also know that there is no pending action against me or my wife, since I have not been audited or received any other communication from the IRS regarding any of my returns. I know that they don't file a lawsuit. They send a notice of intent to levy and confiscate my assets that way.

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 8:25 pm
by Duke2Earl
Follow up....

I did send a copy of the email to the IRS. It is an obvious fraud for numerous reasons. 1. The IRS NEVER contacts taxpayers by email for further information. If they have questions about a return they will send a letter by US Mail. 2. As noted above the IRS already has my contact information on my 2014 return that was filed electronically in early April through Turbo Tax. 3. I have never given the IRS my email address. 4. I have not moved or changed contact information for almost 20 years. 5. The writer of that email has a bit of a problem with English usages.

All told an obvious Phishing fraud. I have not and will not use the link. But I would not be surprised if some people did fall for it. My entire point in publishing it here is to hopefully inform others what frauds are going around.

Re: IRS fishing fraud of the day....

Posted: Tue May 26, 2015 9:35 pm
by NYGman
From BNA today, although probably not related, you never know:

Identity Thieves Received Private Data of Up to 104,000 From IRS
Posted May 26, 2015, 4:30 P.M. ET
Identity thieves used an IRS system to get access to information on 104,000 taxpayers, Internal Revenue Service Commissioner John Koskinen said.
Koskinen, who announced the breach during a conference call with reporters, said the thieves were able to access past tax returns through the “Get Transcript” function on the IRS's website using some personal information they had already obtained.
The IRS commissioner said the agency will be providing credit monitoring services to affected individuals and won't be putting the transcript function back into use until security is improved

Re: IRS fishing fraud of the day....

Posted: Wed May 27, 2015 12:33 am
by Burnaby49
The Observer wrote:
Hyrion wrote:Especially when you consider the fact that if you filled out your tax forms correctly, the IRS already has all your current information.


But even more suspicious is the fact that the IRS has no current policy in place where they would contact taxpayers by e-mail to request information or to go to a website to provide information that is sensitive and covered by privacy laws. Such contact is done by correspondence.


Same in Canada. The Canada Revenue Agency has a policy of never contacting taxpayers by email. Always snailmail.

Re: IRS fishing fraud of the day....

Posted: Thu May 28, 2015 3:53 pm
by Famspear
noblepa wrote:Last week, I received a message on my home answering machine, saying that the IRS was about to file a lawsuit against me and that I should call them back.


That alone is indicative of a scam as, generally, the Internal Revenue Service itself does not "file lawsuits." If the government is going to sue you over taxes, the lawsuit is filed by the Tax Division of the U.S. Department of Justice. So, if the recorded message used the terms "Internal Revenue Service" or "IRS," the scammers are not sophisticated.

If the issue is U.S. Federal income tax, there is generally a whole series of written notices by regular U.S. mail (including something called a "statutory notice of deficiency" giving the taxpayer 90 days to sue in U.S. Tax Court if desired) that the IRS would mail to the taxpayer before the IRS would assess the tax. We're talking many months of time here.

After assessment (which is the actual recording of the tax liability on the "books" of the IRS in the form of a debit entry in the account for the taxpayer for the year and kind of tax involved), there would be yet another written notice, after which the statutory federal tax lien would arise, effective retroactively to the date of the assessment.

After that, there would be still more notices to be sent to the taxpayer, such as (maybe) a notice of federal tax lien and (maybe) a notice of intent to levy.

Even a notice of intent to levy would not in and of itself result in a seizure. For a seizure, the IRS would still issue yet another, separate notice (such as to the bank, in the case of a seizure of funds in a checking account) called a notice of levy. And even then, the notice of levy would instruct the bank to wait about 20 days before turning over the funds to the government.

In the case of levy of a "principal residence," the IRS would generally have to go to a judge or magistrate of a U.S. District Court to obtain written approval.

After all those notices, at some point the taxpayer might receive an unannounced visit from an IRS Revenue Officer (a collections officer) at his home or place of business or employment. But, in my practice I see notices of intent to levy -- and notices of levy -- where no Revenue Officer has ever visited me or my client. In fact, a visit from a Revenue Officer seems to be the exception rather than the rule.

In short, government does not just "up and decide" one day "out of the blue" to sue a taxpayer over an allegedly unpaid tax.

Re: IRS fishing fraud of the day....

Posted: Fri May 29, 2015 7:11 am
by Burnaby49
This was published today on the Canada Revenue Agency website;

CRA NEWSWIRE
Ottawa, May 28, 2015

BEWARE OF TELEPHONE AND EMAIL SCAMS

The Canada Revenue Agency (CRA) warns you to beware of telephone calls or emails that claim to be from the CRA but are not. These are phishing and other fraudulent scams that could result in identity and financial theft.

You should be especially aware of phishing scams asking for information such as credit card, bank account, and passport numbers. The CRA would never ask for this type of information. Some of these scams ask for this personal information directly, and others refer to a website resembling the CRA's, where you are asked to confirm your identity by entering personal information. You should not click on links included in these emails. Email scams may also contain embedded malicious software that can harm your computer and put your personal information at risk.

Some recent telephone scams involve threatening or forceful language to scare you into paying fictitious debt to the CRA. If you get such a call, hang up and report it to the Canadian Anti-Fraud Centre—see contact information below.

Some recent email scams involve telling you that you are entitled to a refund of a specific amount or telling you that your tax assessment has been verified and you are getting a tax refund. These emails often have CRA logos or Internet links that look official. Some contain obvious grammar or spelling mistakes.

These types of communication are not from the CRA. When the CRA calls you, it has established procedures in place to make sure your personal information is protected. If you want to confirm the authenticity of a CRA telephone number, call the CRA by using the numbers on its Telephone numbers page. The number for business-related calls is 1-800-959-5525. The number for calls about individual concerns is 1-800-959-8281.

To help you identify possible scams, you can use the following guidelines:

The CRA:

•never asks for information about your passport, health card, or driver's licence;
•never shares your taxpayer information with another person, unless you have provided the appropriate authorization; and
•never leaves personal information on your answering machine or asks you to leave a message containing your personal information on an answering machine.
When in doubt, ask yourself the following:

•Am I expecting money from the CRA?
•Does this sound too good to be true?
•Is the requester asking for information I would not include with my tax return?
•Is the requester asking for information I know the CRA already has on file for me?
•How did the requester get my email address or telephone number?
•Am I confident I know who is asking for the information?
•Is there a reason that the CRA may be calling? Do I have a tax balance outstanding?
The CRA has strong practices to protect the confidentiality of taxpayer information. The confidence and trust that individuals and businesses have in the CRA is a cornerstone of Canada's tax system. For more information about the security of taxpayer information and other examples of fraudulent communications, go to http://www.cra.gc.ca/security.

Canadian Anti-Fraud Centre

For information on scams, to report deceptive telemarketing, or if you have given personal or financial information unwittingly, contact the Canadian Anti-Fraud Centre online at http://www.antifraudcentre-centreantifraude.ca or toll free at 1-888-495-8501.


This part is applicable to me;

Some recent email scams involve telling you that you are entitled to a refund of a specific amount or telling you that your tax assessment has been verified and you are getting a tax refund. These emails often have CRA logos or Internet links that look official. Some contain obvious grammar or spelling mistakes.


because I received one of these a while ago about an unexpected refund. It was so obviously a fake I felt insulted. It said, in total;

Dear Taxpayer,

Canada Revenue Agency has sent you an INTERAC e-Transfer
(Previously INTERAC Email Money Transfer)

Amount $654.32 CAD
Sender's Message - A message was not provided
Expirety date - 03 November 2014

Action Required:
To deposit your money click here:

(Claimed INTERAC link)

2014 Canada Revenue Agency (CRA) Support


It was exactly as you see the message, no logo, no CRA contact information, no explanation of why I would be getting funds, no personal information, not even my name. Just the text above and no fancier than you see it. Generally the Quatloos formatting dumbs down cut and paste texts but not this time, it was exactly like that. They could have at least stolen the CRA and government of Canada's logo. They simply weren't trying.

The Canada Revenue Agency has to tell a Canadian taxpayer that funds from the CRA are paid in Canadian dollars? Or that the CRA uses INTERAC?

http://en.wikipedia.org/wiki/Interac_e-Transfer

Re: IRS fishing fraud of the day....

Posted: Tue Jun 23, 2015 4:55 pm
by KickahaOta
One possibility that may be confusing people: Scammers of all sorts will often include links in email where the text shown for the link is the URL of a legitimate site, but the link itself (the URL you're taken to when you click the link) is fraudulent. Like this: http://www.irs.gov/taxpayers?legitimate=obviously.

If you copy and paste the email into an editor for a forum site like this one, you generally lose the formatting and just get the text. So in the case of links, you lose the real link, but still get the text for the link. And the forum software will often say "Oh hey, that text looks like a URL" and helpfully convert it into a clickable link. So everyone else says "That link is legit; what's your problem?"

Re: IRS fishing fraud of the day....

Posted: Fri Jul 03, 2015 2:44 am
by Famspear
Finally! I got one of these myself!

:)

I received this one on my land line answering machine at the house this afternoon while I was at work (my wife was home, and she saved it for me). It was a recording of a woman's voice (sounds like it was generated by a computer):

This call is officially a final notice from IRS.
Internal Revenue Services.
The reason of this call is to inform you that IRS is filing lawsuit against you.
To get more information about this case file, please call immediately on our department number nine seven nine, five eight nine, four zero seven zero.
I repeat nine seven nine, five eight nine, four zero seven zero.
Thank you.


The delivery was pretty "stilted" -- not sophisticated.

Notice the reference to "Internal Revenue Services" (plural).

The phrase "reason of this call" sounds clumsy (most Americans fluent in English would say "reason FOR this call". And the phrase "filing lawsuit against you." Most people would say "filing a lawsuit against you."

:twisted:

The area code 979 indicates that the call back number is in southeast Texas -- maybe Galveston. I live in Houston.

Again the Internal Revenue Service does not "file lawsuits." A lawsuit on behalf of the IRS would be filed by lawyers in the U.S. Department of Justice. And the IRS would not be calling you out of the blue and threatening to file a lawsuit. And the IRS does not issue "final notices" by telephone -- especially when there have been no prior notices leading up to the final notice.

Re: IRS fishing fraud of the day....

Posted: Fri Jul 03, 2015 3:01 am
by morrand
Famspear wrote:It was a recording of a woman's voice (sounds like it was generated by a computer):

This call is officially a final notice from IRS.
Internal Revenue Services.
The reason of this call is to inform you that IRS is filing lawsuit against you.
To get more information about this case file, please call immediately on our department number nine seven nine, five eight nine, four zero seven zero.
I repeat nine seven nine, five eight nine, four zero seven zero.
Thank you.


The delivery was pretty "stilted" -- not sophisticated.


The librarian in me feels compelled to point out—for the benefit of the search engines, and their users who may be trying to double-check this very call—that the "IRS" notice gave a callback number more conventionally rendered as (979) 589-4070.

The 589 exchange is assigned to GTE Southwest (Verizon SW) with a rate center in Kurten, TX, according to NANPA. I doubt that's actually where they're calling from, though; more likely, they're importing the number to wherever they really are.

Re: IRS fishing fraud of the day....

Posted: Mon Jul 06, 2015 7:22 pm
by jcolvin2
My recent phishing email:

Hello

After the last annual calculations of your fiscal activity, we have determined that you are eligible for tax refund 501(c) (17) of the internal Revenue Code.

To access the form for your tax refund, please download and fill in the form attached to this letter.


Yours faithfully,
Internal States Department of the Treasury.


Curiously, section 501(c)(17) relates to a supplemental unemployment benefits trusts, not tax refunds.

Also, not quite sure what is referenced by the "Internal States Department of Treasury." Living in Washington State, which is adjacent to both Canada and the Pacific Ocean, I've always believed I lived in an "external state."

Re: IRS fishing fraud of the day....

Posted: Tue Jul 07, 2015 4:30 am
by Judge Roy Bean
I would urge extreme caution - do not click on any links in emails you do not know the origin of.

Re: IRS fishing fraud of the day....

Posted: Fri Jul 10, 2015 7:16 pm
by Famspear
The authorities have caught some of these kinds of scammers:

A scammer who organized a scheme in which taxpayers were threatened with calls purporting to come from the Internal Revenue Service and the FBI demanding payment has been sentenced to 14 years in prison.

Sahil Patel was sentenced to 175 months in prison and $1 million in forfeiture for his role in organizing the U.S. side of a massive fraud and extortion ring run through various “call centers” located in India, through which Patel and his co-conspirators impersonated American law enforcement officials and threatened victims with arrest and financial penalties unless those victims made payments to avoid purported charges....

[ . . ]

The scam has been continuing and on the rise this year despite Patel’s arrest. Taxpayers who have been targeted by the scam can report the incident to the Treasury Inspector General for Tax Administration at http://www.tigta.gov and clicking on the IRS Impersonation Scam Reporting tab in the upper right corner, or call the TIGTA hotline at 1-800-366-4484.


--from Michael Cohn, "IRS Phone Scam Ringleader Gets 14-Year Sentence," July 8, 2015, Accounting Today, at:

http://www.accountingtoday.com/news/tax ... A&st=email

EDIT: The case is United States v. Sahil Patel, case no. 14-cr-00158-AKH, U.S. District Court for the Southern District of New York.

Sahil ("Scumbag") Patel pleaded guilty to one count of interference with commerce by threats or violence (18 USC section 1951), one count of conspiracy to commit an offense (18 USC section 371), specifically conspiracy to pretend to be a federal officer or employee to obtain something of value, under 18 USC section 912, one count of attempting to commit fraud by wire (18 USC sections 1349 and 1343), and one count of using the names and phone numbers of other individuals to extort the payment of funds under the false pretense that he and others were bill collectors and federal officials, under 18 USC section 1028A and section 2.

I hope Scumbag Sahil enjoys his llllllllooonnnnnnnnnnnnngg stay in federal prison.

:twisted:

Re: IRS fishing fraud of the day....

Posted: Wed Jul 15, 2015 9:41 pm
by noblepa
One trick that can help identify dangerous clickable links: Internet Explorer and most other browsers will display the actual URL if you "float" your mouse over the link, without clicking on it. As was pointed out previously, links consist of two parts, the text and the actual URL.

Scammers will often create a link that has a perfectly legitimate sounding text, but in which the underlying URL actually goes to their own site, where they can try to extract personal or financial informtion.

So, whenever I get an email with a link, I float the mouse over the link and IE will display the actual destination in the lower left corner of the window.

Also, it is helpful to know what the various pieces of a URL mean. For example, in the URL: http://www.companyname.com/folder1/folder2/webpage.html, http://www.companyname is the website. Everything after that is simply a file system path to a particular webpage on that server.

If you see a URL something like: http://www.piratewebsite.ru/www.irs.gov/form1040.html, beware! Some people are fooled by the "www.irs.gov" part and think that the link is legitimate. It is not. The website is actually in Russia. The http://www.irs.gov/form1040.html simply refers to a webpage on their server. Remember, the website is the text between the double slash and the next single slash. After that, it is simply navigating around the website. If the first part is bogus, the last part can not be legit.

Re: IRS fishing fraud of the day....

Posted: Wed Jul 15, 2015 9:48 pm
by KickahaOta
People also fall for URLs like http://www.irs.gov.ch -- they see "http://www.irs.gov" at the start of the URL and think they're good, when the ".ch" means that it's being handled by a whole different non-US domain registry.

But the real right answer is "If there's anything remotely suspicious about the email, just don't click on anything in it, period, no matter how legitimate it looks." If you get an email from Citibank saying that you need to straighten something out with them (and you really do have an account with Citibank so it might be true), don't follow any links in the email and don't click any attachments -- open your browser, go to Citibank's website in the way you normally would, access your account information in the way you normally would, and check there.