The Internal Revenue Service has issued several consumer warnings on the
fraudulent use of the IRS name or logo by scamsters trying to gain access to
consumers' financial data in order to steal their assets.
Fraudsters may use the IRS name because most consumers recognize it, have had
prior communication with or from the IRS (such as receiving annual tax form and
instruction packages) and have previously provided the IRS some financial data
(such as that contained on tax returns).
As a general rule, the IRS does not send out unsolicited e-mails or ask for
detailed personal information. Additionally, the IRS does not ask people for the
PIN numbers, passwords or similar secret access information for their credit
card, bank or other financial accounts.
Tricking consumers into disclosing their personal and financial data, such as
secret access data or credit card or bank account numbers, is identity theft.
Such schemes perpetrated through the Internet are called "phishing" for
information.
The information fraudulently obtained is then used to steal the taxpayer's
identity and financial assets. Typically, identity thieves use someone's
personal data to steal his or her financial accounts, run up charges on the
victim's existing credit cards, apply for new loans, credit cards, services or
benefits in the victim's name and even file fraudulent tax returns.
Identity theft usually causes immediate financial losses for the victims, who
may also encounter lingering credit and other problems as a result of the
identity theft.
Identity theft schemes take numerous forms. Identity theft may be conducted
by e-mail (phishing), standard mail, telephone or fax. Thieves may also go
through trash looking for discarded tax returns, bank records, credit card
receipts or other records that contain personal and financial
information.
When the IRS learns about schemes involving use of the IRS name, it tries to
alert consumers as well as authorities that can shut down the scheme, if
possible.
The following are examples of recent schemes:
1. e-Mails claiming to come from tax-refunds@irs.gov,
admin@irs.gov or other
variations on the irs.gov theme told the recipients that they were eligible to
receive a tax refund for a given amount. It directed recipients to claim the
refund by using a link contained in the e-mail which sent the recipient to a Web
site. The site, a clone of the IRS Web site, displayed an interactive page
similar to a genuine IRS one; however, it had been modified to ask for personal
and financial information that the genuine IRS interactive page does not
require.
The Treasury Inspector General for Tax Administration (TIGTA) has reported
that it found 12 separate Web sites in 11 different countries hosting variations
on this scheme.
2. A bogus IRS letter and Form W-8BEN (Certificate of Foreign Status of
Beneficial Owner for United States Tax Withholding) asked non-residents to
provide personal information such as account numbers, PINs, mother's maiden name
and passport number.
The legitimate IRS Form W-8BEN, which is used by financial institutions to
establish appropriate tax withholding for foreign individuals, does not ask for
any of this information.
To protect against potential identity thieves, take the following
steps:
1. Be skeptical of communications you receive from sources you are not
expecting. Verify the authenticity of phone calls, standard mail, faxes or
e-mails of questionable origin before responding.
2. Do not reveal secret passwords, PINs or other security-based data to third
parties; genuine organizations or institutions do not need your secret data for
ordinary business transactions.
3. Do not click on links contained in possibly questionable e-mails; instead,
go directly to the site already know to be genuine. For example, the only
address for the IRS Web site is www.irs.gov -- any other variations on this will
not lead to the legitimate IRS Web site.
4. Do not open attachments to e-mails of possibly questionable origin, since
they may contain viruses that will infect your computer.
5. Shred paper documents containing private financial information before
discarding.
To report the fraudulent misuse of the IRS name, logo, forms or other IRS
property, you may contact the TIGTA toll-free hotline at 1-800-366-4484 or visit
the TIGTA Web site.
Those who think their identity has been stolen should visit the Federal Trade
Commission's Web site for information about how to handle the aftermath of
identity theft.
