Two Common Government Employee Impersonation Scams: What to Watch For

/0 Comments/in , /by

One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.

All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.

How the Scams Work

These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill, that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.

To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge number and IRS titles to make themselves sound more official.

The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.

Recognizing an IRS Scam

There are certain things that the IRS will never do, so if you see any of these things, or you are asked to them, you can be sure that it’s a scam.

The IRS will NEVER:

  • Threaten to bring in local police for not paying your tax bill
  • Ask you to pay via a gift card or wire transfer
  • Demand that taxes are paid without question or the opportunity to appeal
  • Ask for debit or credit card numbers over the phone
  • Call about an unexpected refund
  • Call to collect money without first sending a tax bill

If you get a call from the “IRS” asking for any of this, hang up.

There are Social Security Administration Scams Out There, Too

The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.

Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.

One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.

Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.

You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.

There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.

Here’s some of the details about these scams that you need to know:

  • Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either and the agency can’t just seize your bank account.
  • The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.
  • The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking about the SSA and get the information you need…or find out that someone was trying to scam you.

Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Florida City Pays Hackers $600,000 after Scam

/0 Comments/in , , /by

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Anyone Can Scam You, Even Your Folks

/0 Comments/in , /by

You might feel pretty safe with your parents, but more and more stories are coming out about scammer parents—especially when it comes to getting into college.

By now, we have all heard of the famous faces who have gotten caught up in the college admission scandal, but they are not the only ones. Other families are also involved in the scandal, including a wealthy Chinese family who paid $6.5 million in 2017 to get their daughter admitted to Stanford. They did not pay the school, of course, but they did pay college consultant Rick Singer, who is at the center of the college admission scandal.

The Los Angeles Times broke this story, and it is unknown, at this time, if the family knew that they were doing something wrong. Neither the family nor the student, who all live in Beijing, have been charged with any crimes. Stanford has released a statement to say that it has not received any money from the student’s family (or from Singer), and it was not even aware of any of this until the Times’s story was published.

Other families associated with the college admission scandal are starting to get their days in court, including Bruce and Davina Isackson, who pleaded guilty in a Boston federal court for their involvement in the scam. They were the first to plead guilty and also the first who have said that they will fully cooperate with the investigators and testify against the other parents who are accused in the scandal.

The Isacksons are accused of paying $600,000 to ensure that their daughters were admitted into the University of California, Los Angeles and the University of Southern California. The money was paid to admit both of the girls to the schools as fake athletic recruits, and it was used to pay Singer to rig the entrance exam score for one of them.

The couple did release a statement through their attorney. They expressed their regrets for their actions and stated, “Our duty as parents was to set a good example for our children, and instead we have harmed and embarrassed them by our misguided decisions.”

There are many parents involved in this scam, including 12 parents who have already agreed to plead guilty. This includes actress Felicity Huffman.

Other parents are fighting the charges, and they could be in for a rough road; the parents and coaches who are helping the investigators are full of information, and it could harm any efforts of those whom have pleaded not-guilty.

Since the scandal has hit, even former coaches are stepping up, including those at USC and the University of Texas at Austin. This also indicates that there could be more indictments coming soon.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of Conference Invitation Scams

/0 Comments/in , , /by

Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

Spotting a Scam

There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

  • The invitation has typos or bad grammar
  • The invitation seems very random or out of no where
  • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
  • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
  • Payment options don’t include credit cards
  • The invitation is overly flattering
  • There is a sense of urgency pushing you to send personal information
  • The greeting on the invitation is questionable, i.e. “Salutations.”
  • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
  • The conference is held in a different country, i.e. Asia or the Middle East
  • The landing page doesn’t have a physical address or landline number
  • The invitation sounds too good to be true

How Do These Scams Work?

In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

Protecting Yourself from Invitation Scams

Here are some tips and tricks that you can use to protect yourself from these types of scams:

  • If you get an email similar to ones described here, don’t respond.
  • You should investigate any invitation that you are not sure of.
  • Do not agree to send money, and only pay with a credit card.
  • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
  • Research the event and try to match up the information that you were given in the invitation email.
  • Copy and paste some of the email into Google to see if others have reported that this is a scam.

What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant.  Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

WARNING: You or Your Members Could be Targets of List Scams

/0 Comments/in , /by

There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

Robert Siciliano, CSP, SAFR.ME

These Lists are Lies

Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

More Conference Invitation Scams

Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards. 

But Wait…There’s More

Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

Know Your Options

  • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
  • If in doubt, confirm with the company that the offers from third-party claims are correct.
  • You can also get an official exhibitor list of official vendors.
  • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
  • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

Wi-Fi Hacks

Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Youra Sheethed: My Dalliance Scambaiting a Nigerian Con

/2 Comments/in /by

I put an ad on Craigslist to sell a refrigerator that I no longer need. Within a few minutes I’m happy to report Micheal responded to buy it!

SCAMMER:Hi am Micheal I like to ask if this item is till available for sale and what the present condition it.

ME:Still for sale, someone is interested tho, its like new, 5 months. 

SCAMMER:Thanks for the  information Joshua I am interested in buying and closing this deal before anybody else  the easiest mode of payment  for me is by sending you a cashier check directly from my bank account  to you overnight via USPS , Kindly send me your full name and address to send the check out if you are interested . I also promise to handle the shipping myself once you have the cash at hand 

ME: Awesome! Thank you Michael! Please send the check to:

Youra Sheethed

15 Deerfield St #15145

Boston MA 02215

Sincerely with love respect hugs and kisses

Youra Sheethed 🙂

SCAMMER:The check will be mailed ASAP,please note that the amount on the check will be shipping and handling charges inclusive so you will have more than $640on   the check from which you will deduct $640for  the payment , will counting on you make the rest available to my shipper because I have other things he will be picking up for Me , I will notify you once the check is sent.kindly confirm the name.YouraSheethed

ME: Yup, that is correct.  Youra Sheethed.  It has been a pleasure to do business with such a professional person as yourself.

Few days later…….

SCAMMER:The Usps man just confirmed to me the check has delivered now and The amount i wrote is $2340,As our agreement that i have promised that iwont cause you any financial problem regarding the shipment, The extra fee payment on the check is to cover the shippers fee pick up for your item and they have other items they are picking up for me , So that can cover all fee..

SCAMMER: Have you received/deposited the check already??

Hey, it’s me Robert, so the SCAMMER didn’t get an immediate reply from me because I was on an airplane. In the course of an hour, probably in a panic, Scammer then sent another 8 messages and called another 12 times every, 2 minutes.

ME when I got off the plane: You seem to have ants in your pants.  You should have that checked.  They can bite you know.  Especially the red ones.  One time that happened to me. I was VERY ITCHY.  Are you itchy?

SCAMMER: Excuse me ?

ME: Ants in your pants.  You called and texted like 20 times.  Maybe it’s me but that tells me you have ants in your pants.

SCAMMER:The USPS confirmed to me check already delivered,so I wanted to be sure you’re in procession of it..i apologize for the inconvenience and would like to proceed

ME: I deposited it.  It’s a lot of money!!!!! Thank you for the big tip.  Youra said she will use the extra money for her hemorrhoid surgery.  She’s very itchy.

Hey, it’s me Robert, so the SCAMMER didn’t respond to this message at all, I think maybe he caught on??!! So I messaged him 2 days later….

ME: When are the movers coming?

SCAMMER: I HAVE YOUR COMPLETE NAME AND ADDRESS,I WILL BE TAKING A SERIOUS LEGAL ACTION AGAINST YOU…. you will be hearing from my lawyer soon!

ME: Why? I thought we were friends? I like you.  We have lots in common. We both are itchy!

SCAMMER:Oloriburuku!

Hey, it’s me Robert, so I didn’t know what Oloriburiku was, so I googled it. And the Urban Dictionary provided this definition: “Oloriburiku; Direct translation to bastard head meaning someone stupid or crazy with mad thoughts don’t use it around Nigerian parent unless u want to die”

Apparently I’m not selling a refrigerator to Micheal. But at least I have a nice big fat check!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Bitcoin Scams Up the Ying Yang

/0 Comments/in , , , , /by

If you are thinking of jumping onto the Bitcoin bandwagon, or any type of cryptocurrency, you have to make sure that you are watching out for scams. There are a ton of them out there, including the following:

Fake Bitcoin Exchanges

You have to use a Bitcoin exchange if you want to buy or sell Bitcoins, but not all of them are legitimate. Instead, many of them are created for the sole purpose of taking people’s money. Only use well-known exchanges.

Ponzi Schemes

Bitcoins are not exempt from Ponzi schemes, and you have to look out for these. These are like pyramid schemes, and you definitely don’t want to get caught up with this, as you will certainly lose your money.

Fake Currency

You have certainly heard of Bitcoin, but there are other cryptocurrencies on the market, too, as alternatives to Bitcoin. However, there are also fake ones. For instance, one of these, My Big Coin, was fake, yet the people behind it managed to take more than $6 million from customers.

Well-Known Scams

Bitcoin scammers also rely on old school, well-known scams to trick people. They might, for instance, send emails pretending to be the IRS or even having some type of Bitcoin sale. People fall for these scams every day. If it seems weird, like the IRS emailing about Bitcoin, it is most definitely a scam.

Malware

Malware is another associated scam with Bitcoin. Most, or all wallets are connected online, scammers can use malware to access the account and take your money. Malware can get on your computer in a number of ways, including from websites, social media sites, and even through email.

Fake News

We live in an era where online news is the most popular method to get news, but it’s also very easy to create news stories that seem totally legitimate, yet they are absolutely fake. Basically, scammers create these stories to bait victims, so always think before you start clicking.

Phishing

These Bitcoin scammers also use phishing scams to try to get money from people who are trying to buy and sell Bitcoin. These scams are often done by clicking malicious links.

It doesn’t matter if you join the Bitcoin craze or not, you can also use these tips to keep yourself safe from other scams. Here’s some final tips:

  • Always do a security scan on your laptops, computers, phones, and tablets on a regular basis.
  • Do your research before investing in any cryptocurrency website. Make sure it is trustworthy and secure.
  • Store all of your cryptocurrency in a wallet offline, which keeps it protected from scammers.
  • Always monitor all of your banking, credit card, and cryptocurrency accounts.
  • Always insist the crypto site has two step or two factor authentication.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Are you Scam Aware or a Sitting Duck?

/in /by

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam. Whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of these 4Scams

/in , , /by

IRS

  • The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined.The scammer may know the last four digits of the victim’s Social Security number.
  • Caller ID will be spoofed to look like the call is from the IRS.9D
  • The e-mail will include an IRS logo and other nuances to make it look official.
  • The scammer may also have an accomplice call the victim pretending to be a police officer.
  • The victim is scared into sending the “owed” money—which goes to the thief. Or, the thief gets the victim to reveal credit card information.
  • Another version is that the IRS owes the victim. The victim is tricked into revealing bank account information to receive the refund.
  • Know that the IRS will never contact you via e-mail or phone; will never threaten jail time, a fine or other threats like a driver’s license revocation.
  • If you owe, the IRS will send you snail mail, certified.
  • The IRS will never threaten to have you arrested.
  • If the subject line of an e-mail appears to be from the IRS, delete it.
  • If a phone call appears to be from the IRS, hang up.

Bereavement

  • Scammers scan obituaries for prey.
  • They then contact someone related to the deceased and claim something against the estate or that they’ll reveal a family secret scandal unless they’re paid.
  • If one of these scams comes your way, request written documentation of the claim.
  • Tell the sender you’ll send this documentation to the executor.
  • If you’re blackmailed, contact a lawyer.
  • Never arrange to meet the sender.

Computer Hijack

  • This may come as a phone call: A person claiming to be a Microsoft rep informs you that your computer has been hacked and he’ll fix it—or you’ll lose everything.
  • He wants to convince you to let him have remote control or “sharing” of your computer…and from there he’ll try to get your credit card number…

Investment Scam

  • Someone halfway around the world has chosen YOU to handle a large amount of money, and you’ll be paid richly for this.
  • The sender often has a foreign sounding name, but even common names are used.
  • Often, there’s some smaltzy message in the e-mail subject line like “God bless you” or “Need your help.”
  • Delete e-mails with any subject lines relating to investments, inheritances, mentions of money, princes, barristers or other nonsense.
  • If you feel compelled to open one, don’t be surprised if there are typos or that it’s poorly written. Do NOT click any links!

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Tax Identity Theft jumps on Payroll Scams

/in , , /by

Do you work for a corporation, especially in the U.S.? You may be at risk for tax return fraud.

9DADP is a payroll provider. Hackers were able to acquire tax information of employees of U.S. Bank from ADP. Now, this doesn’t mean that ADP was directly hacked into. Instead, what happened, it seems, their authentication system was flawed and ADP failed to implement a protection strategy for the personal data to keep it safe from prying eyes.

The crooks registered ADP accounts by using the stolen data of the bank employees. These accounts allowed the crooks to get additional W-2 information—enough to commit tax return fraud. In other words, looks like a W-2 gateway was created to file fraudulent tax returns.

If it happened to U.S. Bank and ADP, it can happen many places else.

ADP says that the breach did not originate from their computer network, but where exactly it did come from is not clear at this point, as there are multiple possibilities including the hacking into of a third party service.

The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace.

Despite the data breach, there were only minimal effects to employees and customers of ADP and U.S. Bank. But the minimal adverse outcome is no reason to let your guard down. Next time, the institutions may not be so lucky.

Solution: Fill out the IRS Identity Theft Affidavit ASAP. Here: http://robertsicilian.wpengine.com/wp-content/uploads/2016/06/f14039.pdf

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.