Protecting Investors from Tax-Related Internet Scams

It's tax season and the phishers are out in full force. Phishing scams use fraudulent e-mails that pretend to be from trusted sources, such as the IRS, to trick you into disclosing confidential information or to plant malicious software on your computer. Phishers use a variety of tax-related hooks to do this. Some target U.S. taxpayers who have foreign financial accounts and claim you haven’t reported all of your foreign income. Others claim you are under investigation by the IRS or have a refund pending.

The e-mail often asks you to click on a link to access the IRS Web site. That link connects to a site that appears authentic and then prompts for personal details, bank or credit card account numbers. With malicious Web sites, though, just opening the page puts your PC at risk because the site can infect your computer with malware like viruses and spyware that subsequently attempt to steal information.

According to computer security firm McAfee's Threats Report: Fourth Quarter 2010, Web-based risks continue to grow in size and sophistication and the number of potential malicious sites is increasing rapidly. Phishing URLs in the form of the IRS, gift cards, rewards accounts and social networking accounts were among the most popular, the report notes. If your clients haven't received a phishing message already, it's likely they will.

Spotting the Bad Guys
Phishers build some very convincing fraudulent messages and Web sites but there are often warning signs that something isn’t right. Here’s some advice you can share with clients to help them avoid getting burned:

• The IRS does not deliver tax-related communications by e-mail. If an e-mail purports to be from the IRS, it's a fraud.
• Phishing messages that originate in foreign countries often have spelling and grammatical mistakes.
• The reply-to e-mail addresses in phishing messages will be for a non-government address.

Staying Safe
Basic safe-computing measures continue to be an important defense against phishing. These include:

• Update and run anti-virus and Internet security software.
• Avoid opening e-mails from unknown senders.
• Instead of clicking directly on links in e-mails, copy and paste the link into the browser's address bar to see the underlying address.
• Never divulge personal information like Social Security numbers or date of birth via e-mail.
• Don't reply to e-mails claiming to be from the IRS or open their attachments. Instead, forward the e-mail as-is to the IRS at phishing@irs.gov and then delete it.

Additional Information
The IRS Web site has extensive information on e-mail scams and other tax frauds on its Tax Scams/Consumer Alerts page: www.irs.gov/newsroom/article/0,,id=98269,00.html
Source: IRS, Charles Schwab, McAfee