It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
The twist this year is that telephone scams are being linked to the breaches as well. There are many variations, but most involve criminals contacting a victim saying they are from the IRS and that money is owed. They know the victim’s personal information such as Social Security numbers (from the stolen breach data), so it is very convincing. They may demand payment be sent immediately, threatening anything from arrest to driver’s license revocation if non-compliant.
Then here’s the kicker, there is often a follow up call supposedly from the local police department or the state motor vehicle department (with realistic numbers on the caller ID using a “spoofing” technique) to scare the victim into action even more. So far victims in nearly every state have fallen prey to this scheme to the cost of more than $1 million.
To read more about the characteristics of these scams and how to avoid them or get help if you think you’ve been a victim of this hoax, visit the IRS website. In the mean time, remember what IRS Acting Commissioner Danny Werfel said in a press release: “Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer.”
Also remember to guard well your personal information. This tax scheme is just one example of how obtaining your personal information from one source makes it easier to socially engineer you in another way. Be wary to be on the safe side!
John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.