"Approximately 155 million people are filing tax forms annually between now and April 15," says Robert Siciliano, an online security and safety evangelist for McAfee. And during the last five years, Siciliano says, tax-time identity thefts have dramatically surged.
Indeed, the number of complaints surrounding identity theft using a lure of tax refunds has soared 300% to 33,774 complaints in 2009, compared with 11,010 in 2005, according to a Scripps Howard News Service report.
Bogus Tax Refunds Are Popular Bait
A tax refund, albeit bogus, serves as juicy bait to potential victims in a phishing scheme, says Kevin Haley, director of Symantec's Norton Security, Technology and Response team.
The desire for a tax refund is apparently universal.
In India, a phishing scam circulated in 2010. Taxpayers received spam email messages, touting "Tax return" in the subject line. Users were then directed to click on a link that would take them to a fake version of the India Tax Department website, according to a Symantec blog.
Last year, identity thieves tried a new tax trick by emailing a bogus IRS notice to taxpayers, warning them that they did not submit an updated W-2 form. The email contained a link to a phishing website where taxpayers were instructed to enter their W-2 information, which includes such sensitive items as Social Security number, address, and wages.
Here's an example of the bogus W-2 email that made the rounds last year and was flagged by the Better Business Bureau:
Sent: 1/21/2011 4:37:41 P.M. Eastern Standard Time
Subj: Important: W-2 form update
We would like to inform you that as of the 21th of January you are late in updating your W-2 form submition with the new updated version. Please send us your completed W-2 update form by 02/01/2011. The updated version of the W-2 form please click on the link below:
A New twist: Dialing for Dollars
With an ever-increasing number of people using smartphones, identity thieves are also targeting mobile devices. So Siciliano says he wouldn't be surprised if consumers begin to get bogus text messages purporting to come from the IRS.
"Most people feel the IRS knows everything about them, including their cellphone number," Siciliano says, adding that taxpayers are likely to click on a link in a text message because they may have a false sense of security that only a legitimate contact would have their cellphone number.
Advice for Playing it Safe
Here are some tips on avoiding tax scams, straight from the IRS:
- The IRS does not ask for personal identifying or financial information via unsolicited emails.
- Taxpayers do not have to complete a special form to obtain a refund.
- Do not open any attachments purporting to come from an IRS email. They could contain malicious code.
- Do not click on any website links in emails that claim to come from the IRS.
- Not sure if you are getting a tax refund? Contact the IRS at (800) 829-1040.
Security firms also offer up some advice about the typical types of social engineering bait used to lure the unwary: Offers to refund money to potential victims are popular among scammers, followed by offers of free tax advice or guarantees of untangling issues with back-taxes owed, Haley says.
Motley Fool contributor Dawn Kawamoto does not own any stock in the companies listed.