For those not familiar with the term, “phishing” is a type of online scam, in which the perpetrator sends e-mails to a large number of e-mail addresses (spam) and attempts to obtain information from the recipient. The phisher uses an official-looking return e-mail address but has used some sort of technical process to disguise its actual source. (I don’t know enough about e-mail software to even begin to know how this might work.)
First comes a request for certain information, usually under the guise of “we wanted to update your files” or “you have some unclaimed funds.” The information might be your Social Security and bank account numbers, PIN identification and other information. Rather than have you e-mail this information to them, they give you a link to a website where you can enter the information. Then they can use what you input there to get into your finances.
Twice in the last few weeks, I have been on the receiving end of such a phishing expedition, but fortunately for me (and my bank account), I recognized them as such.
The first came from what appeared to be a bank, asking me to provide them with several bits of information so that they could update my account, such as my date of birth, mother’s maiden name, password, account number, Social Security number, etc. (all things that would allow them to access my accounts). Even if I weren’t aware of phishing, I would have been suspicious, because it was not a bank at which I had an account! I found the bank’s website online, got some contact information and sent the phishing e-mail to the bank’s fraud department. Soon after, I received a thank you from the bank and assurances that it would seek to put an end to this particular attempt at fraud and theft.
Just two days ago, I received an e-mail from “Internal Revenue Service” with a subject line saying: “Notice of Underreported Income” (the e-mail address was email@example.com). Since I have a friend who works for the IRS who had told me that the IRS never initiates contacts via e-mail, I forwarded it to him and hopefully the perpetrator of this scam will also be caught. My friend responded with the following information from the IRS website (www.irs.gov) :
I Need To > > Report Phishing
The IRS does not initiate taxpayer communications through e-mail.
· The IRS does not request detailed personal information through e-mail.
· The IRS does not send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
· Report suspicious e-mails and bogus IRS Web sites to firstname.lastname@example.org.
If you receive an e-mail from someone claiming to be the IRS or directing you to an IRS site,
· Do not reply.
· Do not open any attachments. Attachments may contain malicious code that will infect your computer.
· Do not click on any links. If you clicked on links in a suspicious e-mail or phishing Web site and entered confidential information, visit our Identity Theft page.
· Use the following steps to report the e-mail or bogus Web site to the IRS.
How to report phishing, e-mail scams and bogus IRS Web sites
If you receive an e-mail or find a Web site you think is pretending to be the IRS,
· Forward the e-mail or Web site URL to the IRS at email@example.com.
· You can forward the message as received or provide the Internet header of the e-mail. The Internet header has additional information to help us locate the sender.
· After you forward the e-mail or header information to us, delete the message.
How to identify phishing e-mail scams and bogus IRS Web sites
· Sample of phishing e-mails
o First sample of an actual phishing e-mail – PDF
o Second sample of an actual phishing e-mail – PDF
· All IRS.gov Web page addresses begin with, http://www.irs.gov/.
o Is it a phishing Web site? – PDF
· Are you a victim of Identity Theft?
o Contact the Federal Trade Commission at 1-877-IDTHEFT (438-4338)
o Visit the IRS Identity Theft resource page
You may also report misuse of the IRS name, logo, forms or other IRS property to the Treasury Inspector General for Tax Administration toll-free at 1-800-366-4484.
· OnGuardOnline.gov provides protection tips from the federal government and the technology industry.
· Press releases and more
· What is Phishing, Beware of Phishing Schemes
· IR-2006-49, IRS Establishes e-Mail Box for Taxpayers to Report Phony e-Mails.
· Phishing Scams, Frivolous Arguments Top the 2008 “Dirty Dozen” Tax Scams
· You can also forward suspicious e-mails to the Federal Trade Commission at: firstname.lastname@example.org or contact them at 1-877-IDTHEFT (438-4338).
· Having trouble downloading a PDF
The Internet is a wonderful tool, but as with any tool, the bad guys will find a way to use it for their misdeeds. Just like in fishing, you won’t get caught unless you take the bait, and in phishing, the bait disguises a sharp hook that can land a big fish. Don’t be a trophy catch hanging on somebody’s wall.