Identity theft phishing tops IRS “Dirty Dozen”

Posted by Caitlin on April 7th, 2009

In 2008, the Internal Revenue Service designated “phishing” as one of its annual “Dirty Dozen” tax scams. Phishing is a form of identity theft that consists of sending fraudulent e-mails claiming to represent legitimate businesses and government entities, including the IRS, in order to steal information such as Social Security numbers, online user names and passwords, and bank account and credit card information. Phishers then use this information to make charges to your credit account, apply for credit in your name, and commit other acts which can damage your credit rating, cause you to lose access to your accounts, and cost you thousands of dollars and countless hours spent attempting to recover your losses and restore your good name.

In the past it was relatively easy to spot phishing e-mails, because they were generally filled with misspellings and other obvious errors and inconsistencies, signaling that that they did not originate from an official source. Today, however, phishing e-mails are much more sophisticated, and they can even redirect you to spoof websites which are almost identical to the real ones. The IRS is a popular phishing shield, especially at this time of year, because people fear the tax agency's broad powers and are eager to comply with its requests, in order to prevent having their tax refund payment delayed, or to avoid penalties and possible wage garnishment.

Victims of tax fraud-related phishing scams face extremely serious identity theft consequences. Scammers may use their Social Security numbers to apply for jobs, earning wages which are then reported to the IRS, making it appear that victims are underreporting their income, or that they have filed more than one tax return. Scammers who are using a stolen Social Security number in order to receive a tax refund will file as early as possible, to get their tax return in first, leaving the victim responsible for proving that fraud has occurred.

The first thing consumers should be aware of is that the IRS will never contact them via e-mail regarding tax issues, or request private information such as passwords and PIN numbers for personal financial accounts. If you receive an unsolicited e-mail claiming to be from the IRS, do not reply to it or open any attachments. Immediately forward the e-mail, including header information, to phishing@irs.gov. If you receive a letter from the IRS indicating that someone else may be using your Social Security number, you should respond at once using the contact information included in the letter. The IRS website contains additional information regarding identity theft and your tax records.

To learn about identity theft protection services, which help protect you from phishing and other scams, see our reviews and comparison chart.

• Data Breach Alert: Stolen laptop impacts Virginia school employees
• Data Breach Alert: Western Carolina University exposes hundreds of social security numbers
• Facebook phishing scams increase risk of identity theft on the popular social network
• Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook
• 25 million identities left unprotected in the UK