If Halloween isn't scary enough for you, this October also has a Friday the 13th, which if you haven't looked at a calendar yet, is today.
This week alone, the IRS has issued two warnings about tax-related identity theft schemes.
First was the phishing attempt to hook tax pros by using the agency's e-Services as bait.
Now there's a fake insurance tax form scam that's being used to access annuity and life insurance accounts. The IRS says this criminal scheme also targets tax professionals and their clients.
Fake insurance phishing: There may be variations of the insurance scam, says the IRS, but details below show how one scam version works.
The cybercriminal, impersonating a legitimate cloud-based storage provider, entices a tax professional with a phishing email. The tax professional, thinking they are interacting with the legitimate cloud-based storage provider, provides their email credentials including username and password.
With access to the tax professional's account, the cybercriminal steals client email addresses. The cybercriminal then impersonates the tax professional and sends emails to their clients, attaching a fake IRS insurance form and requesting that the form be completed and returned.
The cybercriminal receives replies by fax and/or by an email very similar to the tax professional's email, using a different email service provider or a slight variation of the tax pro's address.
As for the email itself, the IRS says the subject line varies, but it may be "urgent information" or a similar request.
Here's an example of the awkwardly worded text in the body of the email:
Dear Life Insurance Policy Owner,
Kindly fill the form attached for your Life insurance or Annuity contract details and fax back to us for processing in order to avoid multiple (sic) tax bill (sic).
The cybercriminal, using data from the completed form, impersonates the client and contacts the individual's insurance company. The crook then attempts to obtain a loan or make a withdrawal from those accounts
13 scary tax scams: With this recent rash of identity theft scams, it seems only fitting on this Friday the 13th to review some of criminal efforts that have recently made the rounds. Of course, it numbers 13.
- Fake insurance letter email
- e-Services phishing scam
- Fake charities in the wake of Hurricane Harvey
- Phishing scam from crooks impersonating tax software companies
- Cons pose as fake IRS agents calling to 'verify' filers' tax return information
- Tax telephone scam script rewritten to include mentions of fake IRS certified letters, EFTPS option
- Fake CEO phishing tax scam is back
- Phishing criminals pose as potential tax clients to infiltrate tax preparers' systems
- Tax pros targeted in 'mail on hold' e-services phishing scam
- Telephone tax scam targets students with fake 'federal student tax' call
- Look out for smishing tax identity thieves
- Tax phishing scam artists pretend to be members of Taxpayer Advocacy Panel
- Fake IRS agent telephone scam continues despite alleged mastermind's arrest
Fighting off bad tax spirits (and scams): If you get any of these scam or phishing contacts — or new versions that no doubt will soon pop up — the IRS (and I) remind you of three things not to do:
- Never give out personal or financial information to unknown, unsolicited callers.
- Don't reply to questionable emails from unknown, unsolicited message senders.
- Don't click on links or open attachments in suspicious emails.
And here are three things to do if you're ever targeted by a tax identity thief con artist:
- Contact the Treasury Inspector General for Tax Administration (TIGTA) to report telephone tax scam calls. Use TIGTA's IRS Impersonation Scam Reporting web page or call toll-free (800) 366-4484.
- Report scam attempts to the Federal Trade Commission (FTC). Use the online FTC Complaint Assistant on FTC.gov.
- Send a copies of phishing emails to the IRS at email@example.com.
Finally, be skeptical and trust your gut. If something seems off, step back and investigate.
"These scams evolve over time and adjust to reflect events in the news, but they all typically are variations on a familiar theme," said IRS Commissioner John Koskinen. "Recognizing these schemes and taking some simple steps can protect taxpayers against these con artists."
Call the IRS yourself and find out if the message or call you got is correct or a criminal trying to take your info to file a fake return to collect a fraudulent refund.
Remember, tax scams don't die. Like Halloween (and TV and movie) zombies, they just keep coming back in new forms in search of more identity theft victims.
Remember, too, that tax crook goblins and ID theft ghouls are out there year-round, not just in Halloween's host month of October.