Scammers in the guise of IRS Targeting Hotmail Users
IRS has issued a warning to taxpayers and tax professionals about a phishing email scam that targets Hotmail users and steals their financial information.
The fraud email comes with a subject line that reads “Internal Revenue Service Email No.XXXX”| We’re processing your request soon | TXXXXXX-XXXXXXXX”.The email then coaxes the user to sign a fake Microsoft page with all the details about them both in person and financial.
It has been noted that only Hotmail users get this fraudulent mail, according to 900 complaints that were received by the IRS. The website linked to the scam has been shut down, but the taxpayers have been made aware of such activities that can land them in trouble.
IRS has requested the taxpayers to forward any such email to firstname.lastname@example.org and then delete it. It was also further conveyed to the taxpayers that IRS will not contact them through email to get personal request or financial information.
Tax professionals also should be aware of phishing emails, free offers and other common tricks by crooks. Professionals who do have data breaches should contact the IRS through their Stakeholder Liaison.
According to the IRS publication, “Data Theft Information for Tax Professionals”, tax professionals should review their security methods.
Tax professionals can find more information to protect client data in the IRS publication “Safeguarding Taxpayer Data”. Because tax professionals hold large amounts of client data, cybercrooks often target them, the IRS states.
Here are few tips for tax professionals to avoid or report data breaches:
- Use security software on all computers and devices.
- Routinely perform deep scans to detect malware or other viruses.
- Report data breaches to the IRS, the local office of the FBI and possibly the Secret Service.
- File a report with the local police.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to find out how to report victim information to the states.
- Breaches should be reported to the state attorney general in each state where the professional prepares returns. Most states require that the attorney general is notified of data breaches, and that process may involve several offices, the IRS states.
- Consult a security expert.
- Professionals should report the breach to their insurance company and find out if their policy covers data breach mitigation expenses.
Tax professionals also should notify clients of the breach but work with law enforcement on the timing of the notices, the IRS states. Clients should fill out IRS form 14039, “Identity Theft Affidavit,” only if the IRS contacts or writes them or their e-filed tax return is rejected because of a duplicate Social Security number
Kevin Jones720 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.