A reader from Albuquerque got some troubling news recently. An email arrived in his inbox, telling him that Chase was suspending his account because of a “series of suspicious activities.”
It told him that in order to reverse the action, he would have to authenticate his identity by clicking on a “confirm now” button so that “all limitations from your account can be removed.”
Problem is the guy doesn’t have a Chase account.
On the other hand, I got some good news recently.
“You have been approved to receive sum of $500,000/-USD from United Nation Unclaimed Fund Payment.”
The email sender wanted me to provide a bunch of information.
I could use $500,000, but this will not be my path to riches.
The IRS might not be popular with Congress or the public, but it continues to be a hands-down favorite in the scam world.
Especially this time of year.
The agency recently renewed a consumer alert for e-mail schemes after seeing an increase of about 400 percent in phishing and malware schemes so far – and there’s still more than a month left in the tax season. Phishing is when someone impersonates an individual, business or organization to trick you into giving out your personal information.
In the latest version, which is hitting payroll and human resources departments, a scammer sends an email that claims to be from company higher-ups seeking personal information about employees, according to a new IRS alert.
The scheme already has fooled several workers into emailing replies to the cybercriminals that include or attach payroll information, including W-2 forms that contain Social Security numbers and other personal data, the IRS said.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen.
The agency advises that if your CEO or boss asks you for this kind of information, double-check internally before complying.
Here are some direct examples of how these bogus emails might be worded:
- “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.”
- “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
The point of all this is that the scammers, armed with this kind of information, can file tax returns under someone’s name and collect refunds.
And in other IRS scam news … if you used the agency’s Get Transcript services last year you may have had your tax information stolen.
Yes, the IRS got hacked, and it’s sending letters to taxpayers warning them that they might have been victims. The agency said that a nine-month investigation found that 390,000 taxpayer accounts may have been hacked and another 295,000 were targeted but not accessed.
The Get Transcript service, which was discontinued last May, was an easy way for taxpayers to quickly download and view their past returns. However, hackers used Social Security numbers they found elsewhere to get in and view the past returns, with the aim of using that information to file bogus new returns, the agency said.
It is offering to affected taxpayers a free Equifax identity theft protection product for one year, and encouraging taxpayers to place a fraud alert on their credit accounts.
Ellen Marks is assistant business editor at the Albuquerque Journal. Contact her at firstname.lastname@example.org or 505-823-3842 if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division toll-free at 1-800-678-1508.