Internal Revenue Forms Used for Phishing Trips

If there’s one letter or e-mail I routinely open and read, it’s any communication from the IRS. How refreshing to scan one such note – per e-mail, no less – on Internal Revenue Service, United States Department of the Treasury letterhead, that announced “After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $109.30. Please submit the tax refund request and allow us 6-9 days in order to process it.” With a click-through radial, a second page displayed, announcing that one would receive the tax refund on VISA or MasterCard by filling out an official-looking form, not unlike other IRS forms.

Since I am a suspicious, retired professor of economics and since a few items didn’t “smell” right, even for an IRS communication, I did not complete nor click on the form, but sent a quick e-mail to my accountant. He responded in short order, advising me that the e-mail was a scam, now widely used, and to ignore the communication.

I was delighted with the accountant’s quick reply, and, my curiosity peaked, set about to see whether others had noticed the same scam. They had! A few clicks to Google on my computer revealed nearly two million sites for the words “IRS scam.” An actual copy of the same letter I had received was reprinted (on an actual IRS site), tracing through how disreputable individuals had painstakingly used IRS forms and tone of correspondence to go “phishing” for confidential, private information on individuals.

Further research showed that notices dated back at least to 2005, with updates as recently as June, 2007. Many other IRS scams, including references to various IRS forms, refunds, abatements and so forth were included. “Phishing” seems the least innocuous, yet one of the most dangerous of these activities.

For the uninformed, “phishing” is “a technique used by identity thieves to acquire personal financial data in order to gain access to the financial accounts of unsuspecting consumers, run up charges on their credit cards or apply for new loans in their names,” according to an official IRS definition.

The very small form in the e-mail, specifying VISA or MasterCard debit card information, asks for your full name, card number, expiration date, CVV Code (the little three digit number on the back of the card) and your ATM pin number as electronic signature.

Bingo! If I have just your correct name, account number, and CVV code, I can charge, especially by phone or the Internet. Better yet for the crooks, it’s very easy these days to replicate the actual plastic in a garage workshop! It’s easy to buy actual goods in a store with a real or fraudulent card. Seldom do clerks check individual identification, especially for amounts less than fifty dollars. After all, the store is insured! Check Wal-Mart just for experience, even though their posted requirements suggest that all id’s are verified.

The IRS scam is at least several years old. Unfortunately, few people (myself included) think about “identity theft,” let alone research the methods scofflaws might be using. While IRS has ample information on its website (www.irs.gov) much is written in language too reminiscent of those other IRS notices we have all received at one point or another. Consequently, most of us tend to dismiss things until it’s too late.

A word to the wise: don’t get caught being a “phish,” with or without an IRS imprimatur!