Curse

Alex Morningstar · Jan 29, 2008, 06:44 PM // 18:44

Sorry in advance if the picture is too large. It's getting posted in several places.

I posted this on my guild/alliance pages because I could see how easy it would be for those not web-savvy to fall prey to this. According to the IRS (actual) site, this happens a lot around tax time (Jan-April) and the attacks and scams are only getting harder to detect, easier to fool and resistant to getting shut down.

I got a text message on my phone from a 3700 saying I had .3 credits with the IRS. I think, great (especially since I hadn't filed my taxes yet this year)! I check out the site they listed and noticed several things wrong.

It's a HTTP:// protocol, anything that wants your bank account, SSN (Aka tax ID), any legit site will have a HTTPS://, the s meaning secure. This cannot be faked.

The IRS is a branch of government, therefore any and all it's sites are going to end in .gov. This site ends in .com and does not have it's branch's name (IRS) in the domain.

The logo, looks like it doesn't quite fit where it's been placed. The links on the site, points to irs.gov.

It also lists a refund amount before you give any information. Not enough to turn heads, but enough that it would make people want to sign over their info.

Do NOT fall for this scam. Any time you do business online, make sure the site has https://, not http://, and no legit site is going to ask for your SSN and bank account, credit card info on the same page. No site will ever, under any circumstances ask for your Personal Identification Number (PIN) that you use at the ATM.

Scam Site:

legendary_Ace · Jan 29, 2008, 07:23 PM // 19:23

Wow! Thanks, I'm not doing taxes but I think people who aren't too bright with computers might REALLY need to know this.

freaky naughty · Jan 29, 2008, 09:24 PM // 21:24

This happened to my grandfather once, the "IRS" sent him a paper asking a whole lot of way too personal questions. English is his third language so he didn't think he could fill the whole thing out. He sent it to my dad and my dad called the IRS and they said that they wouldn't ever ask questions like the one on that paper. So he just ripped it up and told my grandfather to forget it.

The Bard · Jan 29, 2008, 09:48 PM // 21:48

ooh nice head up!
this might be a good time to advice people to stop using internet explorer and start using firefox/opera. Since at least firefox is very good at detecting scam pages like this one and flashes a rather big pop-up thing if the site you ended up on seems fishy. just an extra tip

Kusandaa · Jan 29, 2008, 09:54 PM // 21:54

Not in the USA, but will forward this to my American buddies. O_o.

quickmonty · Jan 29, 2008, 09:56 PM // 21:56

Nice 'heads up'.

First red flag .... text msg from IRS?

Alex Morningstar · Jan 29, 2008, 10:52 PM // 22:52

Quote:

Originally Posted by The Bard

ooh nice head up!
this might be a good time to advice people to stop using internet explorer and start using firefox/opera. Since at least firefox is very good at detecting scam pages like this one and flashes a rather big pop-up thing if the site you ended up on seems fishy. just an extra tip

Yeah, that's great if you can't sure out how to pay attention to your web browser. It isn't hard to see if there is no s in the protocol in the url, or that there is something fishy about the site. The internet is just like real life, enter at your own risk. People think that because they are sitting in their seats at home, that they can be irresponsible and let their guard down.

I rather use IE, and be responsible for my own protection, than to rely on FireFox and then not know what I need to be looking for.

Just my own personal opinion.

Quote:

Originally Posted by quickmonty

Nice 'heads up'.

First red flag .... text msg from IRS?

Think about it... does the IRS seem the type to send a text message to your phone? One year I forgot to sign a form, and they sent me the form back to resign, saying it had to be turned in by a date before it was postmarked.

Yeah, text messages seem a bit beyond the IRS.

VitisVinifera · Jan 30, 2008, 03:21 AM // 03:21

while the scam is pretty obvious, that's a great point made about https vs http. I'll remember that.

RPGmaniac · Jan 30, 2008, 03:35 AM // 03:35

I didn't know about the https thing either. I had noticed it but I always ignored it. That'll come in handy when I actually get a credit card and whatnot.

HayesA · Jan 30, 2008, 05:28 AM // 05:28

Usually just print my tax forms, or get them from my local post office. I don't like the idea of paying someone to do my taxes for me. Call it a trust issue. ;-)

StueyG · Jan 30, 2008, 05:33 AM // 05:33

Most anything online to do with money = silly imo. Unless you like someone running around with your info. ;P

lakatz · Jan 30, 2008, 06:20 AM // 06:20

You pointed out every clue but the two most obvious ones.

"Get tax refund on your Visa or MasterCard now!"

Okay class... what's wrong with this picture? Anyone?

Now that you're LYAO, look at the rest of the form and proceed to ROTFLYAO.

And obvious clue #1 - a field for your pin number. Field for pin number = phishing scam. It's the first thing listed in every email your ISP sends and/or in the articles on their website warning you about phishing scams.

That said, it's still very nice of the OP to remind everyone about phishing scams. Obviously... reading some of the responses here... we still need reminding.

Quote:

Originally Posted by StueyG

Most anything online to do with money = silly imo. Unless you like someone running around with your info. ;P

I've e-filed every year for several years and never had a problem, I pay all my bills online, and it's safer to buy online than in a retail store.

http://www.msnbc.msn.com/id/20979359/
http://www.theregister.co.uk/2003/11...t_in_michigan/

artay · Jan 30, 2008, 07:14 AM // 07:14

Heh when I typed in the address in the img, firefox alerted me that the site was suspected to be a scam.

I can always rely on you my precious fox.

*strokes firefox*

StueyG · Jan 30, 2008, 10:45 AM // 10:45

Okay so you're one of how many people in the world? And because "you have never had a single problem" that means it is fail proof? And the really silly thing is that all that info stolen was from computers, and because it is not run through the department stores it is safer? I was not trying to say to freak out and be paranoid about online - but to say "online is safer than a retail store" is bs. I have seen many of these "perfect fail safe" online stuff hacked, changed, know people who have had info stolen, etc. Also have seen them come with nice new pop ups that mimic the same page you were on to phish your info.

Woo · Jan 30, 2008, 10:50 AM // 10:50

Thanks alot for the info.

Muspellsheimr · Jan 30, 2008, 11:17 AM // 11:17

Quote:

Originally Posted by StueyG

Okay so you're one of how many people in the world? And because "you have never had a single problem" that means it is fail proof? And the really silly thing is that all that info stolen was from computers, and because it is not run through the department stores it is safer? I was not trying to say to freak out and be paranoid about online - but to say "online is safer than a retail store" is bs. I have seen many of these "perfect fail safe" online stuff hacked, changed, know people who have had info stolen, etc. Also have seen them come with nice new pop ups that mimic the same page you were on to phish your info.

Nothing is fail-proof. Let me repeat that. NOTHING is fail-proof. However, as long as you are aware of how to identify phishing attempts, the internet is as safe, and sometimes moreso, than walk-in. Even if you are not aware of how to identify false sites, as long as you stick to those you do know, no problem (aka don't follow links, type the address yourself).

And it is easier to steal card info, ect. at a physical store than a digital one.

Alex Morningstar · Jan 30, 2008, 01:03 PM // 13:03

Quote:

Originally Posted by lakatz

You pointed out every clue but the two most obvious ones.

I left them out because I would hope that asking for your PIN, which you are told to NEVER give to anyone, would be fairly obvious. As for the refund on a MasterCard/Visa, a lot of people have bank cards w/ a logo, and H&R Block now offers refunds starting this year, on a plastic card. The HTTP:// S thing and the .com, weren't as obvious, so I highlighted those.

As for my taxes, I do my taxes online, and do my banking online, but only directly with the company. You can get your shit stolen just as easily in real life, all they need is that machine you swipe your card with, it can keeps track of the information.

It's like anything else, you need to pay attention to what you are doing and not be careless, and not take risks. If you choose not to do any business on the intrawebs, that's your choice, but honestly in my opinion, it's not any safer than some newly hired tweaker meth junkie sitting there with a fake card swipe at the gas station.

The most important thing they need, isn't your bank account numbers, it's your address, DOB and SSN. With that, they can make new accounts which is what is going to screw you over. When the bank calls going "hey, you're $10,000" in the hole."

"Uh, I don't have an account with you."

"...o rly?"

"Rly."

"..."

lakatz · Jan 31, 2008, 07:08 PM // 19:08

This is not the scam the OP is referring to which is a scam that comes around every tax season.

The newest scams (which just started) are counting on taxpayers not keeping informed on the status of the economic stimulus tax rebate package that has been (and STILL is) going through the legislative process. It passed the House and is currently being debated in the Senate... more like being restructured in the Senate.

"Under one scheme, the IRS said, people are receiving phone calls telling them they can only receive a rebate if they provide bank account information for a direct deposit.

The tax agency stressed that it does not collect information by telephone and that no legislation has been enacted that would allow it to provide advance payments to taxpayers or that specifies the details of those payments."

http://money.cnn.com/2008/01/31/pf/t...ex.htm?cnn=yes

Aera · Jan 31, 2008, 08:49 PM // 20:49

The sad thing is, that with these scams, only a few people have to fall for it and they're stinking rich.

/sue

R A C · Feb 01, 2008, 06:15 AM // 06:15

This is why I decided to go with H&R block online and TurboTax. They are clearly not trying to scam me, and I got my refund direct deposited by the irs and got a deposit notice a few weeks later.
But yes, always know what website you are actually on and whether they actually need what they are asking for. Graphics/logos can be faked, web urls and IPs not so much.