Fifteen years ago, I was almost a multi-millionaire. I received an email from a Nigerian prince whose parents died in a tragic plane crash and he needed to move money around, so he naturally contacted me, a complete and utter stranger, asking if he could wire me $7 million into my bank account, of which I’d get to keep half. I’d have to fill out some forms which included my social security number, bank routing number, etc., and then I’d have a cool $3.5 million to my name. Not bad for an 18 year old college freshman.
Being an 18 year old college freshman (which means, by the way, that a) you know more about the world, about life than anyone else, and b) you’re never wrong) I figured out that this wasn’t quite right – but hey, what if, right?, so I sent the email to my dad, who forwarded it to one of his lawyer friends who promptly told me this is what’s called a scam, or ‘phishing.’ This was the first I’d heard of phishing outside one of my favorite bands, Phish.
As the years progressed, phishsing scams, like the Web, have evolved. The blatant scams of the early days of the Internet are still out there, only now, they make the more intelligent phishing scams seem to be real. Take, for example, this email I got this weekend:
Dear business owner,
A complaint has been filled against you by Mr. Jim Evans, claiming that you and your company are involved in tax-evasion schemes.
The original complaint can be viewed by visiting the following link :
[I DELETED THE LINK]
Before starting an investigation , we are required to check the balance reports of your company and compare them with the data you filled in the tax forms.
Please forward the required reports to : firstname.lastname@example.org
Internal Revenue Service
Looks legit, right? I mean, I’m a business owner (although I don’t know a Jim Evans – that was tip number one this was false), punctuation/spelling is a bit off (scammer uses ‘filled’ instead of ‘filed’ and has spaces between commas and colons), and lastly, I know I’m not committing any tax-evasion schemes.
Now that I’m no longer an 18 year old freshman, and in fact, a 32 year old business owner, I know a bit more about life, the universe and everything. Only a bit more. I quickly deduced this was a scam because I was pretty sure if the IRS wanted to contact me, they would send a certified letter via US Mail.
Obviously, I didn’t click on the link in the email and was a bit taken back when I showed a lawyer friend the email and he said, “Oh, just click on the link.” Glad I have other lawyer friends.
I showed the email to 3 other lawyers over the next 2 days – one’s an internet lawyer and two are Manhattan District Attorneys (or is it Districts Attorney?) – who all said it was a scam.
And when you add the cross-checking of the Internet, doing a search for “derek jones and IRS fraud,” the top reults show that it is indeed a fraud – but a really good looking one.
Intelligent phishing scams are scary, as even Web-savvy users fall for them. When you get an email with an irs.gov suffix, it’s a bit arresting.
So watch out for these scams; if you get an email from someone you don’t know, obey the golden rule – don’t click on any link. If you get an email from someone you do know and the email seems a bit off, call them and ask if they sent you the email.
According to this Allbusiness.com article about the very same email scam:
The IRS provides these directions for forwarding suspicious emails to the IRS:
The IRS does not initiate taxpayer communications through e-mail.
- The IRS does not request detailed personal information through e-mail.
- The IRS does not send e-mail requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
- Report suspicious e-mails and bogus IRS Web sites to email@example.com.
- Current fraud risk related to EFTPS.
If you receive an e-mail from someone claiming to be the IRS or directing you to an IRS site,
- Do not reply.
- Do not open any attachments. Attachments may contain malicious code that will infect your computer.
- Do not click on any links. If you clicked on links in a suspicious e-mail or phishing Web site and entered confidential information, visit our Identity Theft page.
- Use the following steps to report the e-mail or bogus Web site to the IRS.
How to identify phishing e-mail scams and bogus IRS Web sites
- Sample of phishing e-mails
- All IRS.gov Web page addresses begin with, http://www.irs.gov/.
- Are you a victim of Identity Theft?