Jan. 30, 2008

WASHINGTON — The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond.

The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up.

The goal of the scams is to trick people into revealing personal and financial information, such as Social Security, bank account or credit card numbers, which the scammers can use to commit identity theft.

Typically, identity thieves use a victim's personal and financial data to empty the victim's financial accounts, run up charges on the victim's existing credit cards, apply for new loans, credit cards, services or benefits in the victim's name, file fraudulent tax returns or even commit crimes. Most of these fraudulent activities can be committed electronically from a remote location, including overseas. Committing these activities in cyberspace allows scamsters to act quickly and cover their tracks before the victim becomes aware of the theft. Those who have received a questionable telephone call that claims to come from the IRS may also use the phishing@irs.gov mailbox to notify the IRS of the scam.  

June 4, 2007

Madison , Wisconsin ( 4/26/07 ) – A new phishing scheme that uses a “call forwarding” component enables phishers to portray themselves as the victim when a financial institution calls to verify a bank transaction.

The phishing scheme asks the financial institution's member/customers via email to verify their phone number and states that if they do not confirm their phone number, their account will be suspended.

The phisher's instructions are:

• Step 1: Go to your phone and dial *72
• Step 2: Dial 707-531-4910 (XYZ Bank secure line)
• Step 3: A message states “Your phone number is confirmed. You will receive a call from us in one hour for final verification. If you have confirmed your phone number, you can continue the update process.”

By inputting these numbers, victims actually forward their calls to the phisher's redirect number. This will go on until the victim notices they aren't getting any verification calls.

Victims may also get a call from the phisher or an answering machine posing as their financial institution to query any transaction in that period. After they confirm their phone number, the caller asks them to update their personal information, including social security, bank account and credit card numbers.

This particular phishing scam was detected by an internet service provider and the victim's telephone company took care of the phone number, according to SecureWorks, an Atlanta-based information security solutions provider. However, the company warns that variances of the scam are on the internet with a more complex set of “call forwarding” numbers.

Several other phishing scams have been reported by credit unions around the country:

• Identity thieves sent members of North Island Credit Union bogus emails that claimed to be customer surveys from the credit union. The emails had North Island 's slogan and logo and offered $20 to participants who complete the five-question survey. To obtain the $20, members were asked to give out their account numbers and passwords, so the money could be “deposited” into their accounts. Thieves then used the information to steal money from the accounts (The San Diego Union -Tribune, April 24).
• Members of Hickam Federal Credit Union received phony email messages stating the member's account had been deactivated and instructed the member to click on a supplied link. When the member clicked the link, the phisher would try to obtain the user's credit union ID and password ( Honolulu Advertiser, April 24).

June 4, 2007

NEW YORK ( 3/29/07 ) – A slick credit card scam that has made its rounds for several years seems to be resurfacing. It's slick because the caller provides information he already has about you and asks you to “verify” the information. The caller then goes one step further and asks for the three-digit code on the back of your credit card.

It works like this: A caller claims to work for the fraud department at Visa or MasterCard and provides a badge number. The fraudster then asks if you recently purchased an anti-telemarketing device for nearly $500. If your reply is “No,” he tells you the fraud department has been investigating this particular telemarketing device retailer then offers to block the charge from your credit card. He goes a step further by asking you to verify your name, address, credit card number, expiration date and asks for the three-digit code on the back of the credit card.

Industry experts suggest you hang up immediately if you receive a call similar to the one described. To avoid being a victim of this scam, simply don't give out any information nor should you confirm any information the caller claims to already have. Many internet retailers require the code as a security measure. A crook may have already stolen your credit card information and can't use your card until they get the three-digit code to complete their fraudulent transaction.

This scam has been going on since MasterCard began putting CVC2 security codes on the back of its card in 1997. A credit card company does not ask a cardholder to disclose security codes or provide any information verifying a physical possession on the card. Any such inquiries regarding security matters would come from the financial institution that issued the credit card, not from the card company (www.snopes.com).

July 18, 2006
ATTENTION ALL LANDLORDS. There is a scam going on. It works like this.

SUMMARY: Via email some one want to lease your home sight unseen and to send you cashier checks for a years rent and deposit. The cashier checks are FAKE. They are for more money that owed and on the day you receive them, they want a REFUND of the supposed overpayment wired to their bank. In other words, THEY GIVE YOU FAKE CASHIERS CHECKS AND WANT YOU TO WIRE TRANFER YOUR GOOD MONEY TO THEM. By the time your deposit comes back, they have disappeared with your good money.

They are doing this for home rentals, auto sales, etc.

SOME SUGGESTIONS

Do not even respond to inquires from anyone wanting to send you money without seeing the property first.
The scammer say they are from out of the country, usually the UK . They usually have a Yahoo.uk email address, but not always.
Scammer usually say they are a Doctor to impress you.
Scammers LIKE TO TYPE IN CAPS
Do not lease a property sight unseen. The applicant or someone he works with etc. needs to see the property for them.
Always have an applicant fill out a rental application.
Always run a credit check.
Ask plenty of qualifying questions.
Use common sense.
NEVER refund any money.

If you follow the above suggestions, you will be fine. This is all you need to know but here is some additional info if you are interested.

Click here for some examples of Rental Scam Emails

HOW TO REPORT

For e-mail abuse i.e. Spam, include full-unmodified header information and content of the email. Header information is a requirement for reporting e-mail abuse. Without the header information, the Abuse Team cannot determine the true originator of the e-mail and no action will be taken. If you are unsure how to extract a full-unmodified header, please visit SpamCop for instructions to support your e-mail client.

After you get the headers showing on the email, forward the email to abuse@yahoo.com or to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites) i.e. abuse@yahoo.com, abuse@mindspring.com, abuse@msn.com, etc. Reporting this is the best way to get the offending email removed.

December 13, 2005
Currently, there is a NCUA and Credit Union Security Services phishing (pronounced "fishing") e-mail scam in circulation over the Internet. Phishing involves the use of a generic e-mail message that appears to come from your credit union, but is actually from an imposter. The phishing e-mail is generic in the sense that it does not mention a specific credit union by name nor does it list any contact information to the credit union. However, all phishing e-mails are similar in the fact that they direct you to click on a link or visit a web site, where you are asked to enter or confirm personal information needed to access your on-line account.

Phishing e-mail scams ask for personal account information such as:

Account number
Credit or check card number
Social Security number
On-line account user ID and password
Mother's maiden name
Date of Birth
Other confidential information

Sometimes when you click on the link, it may appear to be non-functional or temporarily out of service. In most cases, when you click on the link, the site downloads a computer virus or possibly installs malicious software known as spyware, malware, keyloggers, etc. on to your computer.

If you receive suspicious e-mails requesting that you update your on-line account information into a link or website, DO NOT REPLY. Here are some steps you can take to reduce your risk to phishing e-scams:

Maintain current anti-virus software on your computer
Do not reply to the phishing e-mail
If you receive a suspicious email, forward the entire e-mail message to phishing@ncua.gov .
Do not update any of yo ur personal account access information
Do not down load any attachments from the phishing e-mail
DELETE, DELETE, DELETE the phishing e-mail scam from your computer
Contact your credit union

In addition, if you believe you have been the victim of a fraudulent scheme, file a complaint with www.ftc.gov and visit the FTC's Identity Theft website at www.ftc.gov/idtheft to learn how to minimize the risk of damage from identity theft.