Scam exploits Treasury e-payment system
- By Mary Mosquera
- Jul 21, 2006
The IRS is warning taxpayers
about a new e-mail scam that uses the Treasury Department's Electronic Federal Tax Payment System as a hook to lure individuals into disclosing their personal information.
The system, which is used by more than 6 million taxpayers, lets businesses and individuals pay their federal taxes online or by phone.
The new e-mail scam, which contains grammatical errors and typos, resembles a page from IRS.gov and claims to be from the "IRS Antifraud Comission" (sic), a fictitious group. The e-mail claims someone has enrolled the taxpayer's credit card in EFTPS and has tried to pay taxes with it. The e-mail also says there have been fraud attempts involving the taxpayer's bank account, and that money was lost and "remaining founds" (sic) are blocked.
Recipients are asked to click on a link that will help them recover their funds, but the subsequent site asks for personal information that thieves could use to steal the taxpayer's identity, IRS said.
'The IRS does not send out unsolicited e-mails asking for personal information,' said IRS Commissioner Mark Everson in a statement.
The IRS never asks taxpayers for their personal identification numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.
This latest e-mail scam is the first one known to reference EFTPS, IRS said.
The IRS has seen an increase in such scams. Since November, 104 different scams have been identified, with 22 of those coming in June, the most since 40 were identified in March during the height of the filing season.
Tricking consumers into disclosing their personal and financial information, such as secret access data or credit card or bank account numbers, is fraudulent activity that can result in identity theft. Such schemes perpetrated through the Internet are called phishing for information.
Many of these schemes originate outside the United States. To date, investigations by the Treasury inspector general for tax administration have identified sites hosting more than two dozen IRS-related phishing scams. These scam Web sites are located in many countries, including Aruba, China, Italy and Slovakia, as well as the United States.
Other scams claim to come from the IRS, tell recipients that they are due a federal tax refund and direct them to a Web site that appears to be a genuine IRS site. The bogus sites contain forms or interactive Web pages similar to IRS forms or Web pages but which have been modified to request detailed personal and financial information from the e-mail recipients.
The IRS has established an electronic mailbox for taxpayers to send information about suspicious e-mails which claim to come from the IRS. Taxpayers should send the information to: firstname.lastname@example.org. The IRS can use the information, URLs and links in the bogus e-mails to trace the hosting Web sites and alert authorities to help shut down these fraudulent sites. More than 8,000 bogus e-mails have been forwarded to the IRS, nearly 1,300 in June alone.
Mary Mosquera is a reporter for Federal Computer Week.