Catherine Posted February 28, 2016 Report Posted February 28, 2016 From another newsgroup: Phishers are getting more sophisticated. We got an email inquiry. Said they were referred by a tax pro we'd never heard of who "was retiring" We replied that we were interested in talking with them. We got this response: "Thanks for your response. Please View Docs of copy my ID, copies of my last year Tax return details, W-2, 1099 form, year-end investment tax statements, bank interest, mortgage interest, property taxes, medical expenses, contributions and all other supporting documents. I am prepared to pay all professional fees as requested of me. I have uploaded all documents on Google docs, kindly click on Google docs to view and download my documents with any of your email account." The link was not to Google Docs and nothing was shared to us on Google Docs. 1 Quote
FDNY Posted February 28, 2016 Report Posted February 28, 2016 I've received about 4 or 5 of these this year. Title of e mail is usually here's my tax return docs or here's my 1040 from last year. There is always someone's name and they have mentioned Google Docs. I replied to the first one with a request for them to identify themselves. No answer. Now I just delete before opening. I brought this up on the ATX board and someone who also rec'd these e mails said he just sends them an engagement letter to sign. That made me smile. 2 Quote
jklcpa Posted February 28, 2016 Report Posted February 28, 2016 I wouldn't open an email like that, just delete it. 3 Quote
Lynn EA USTCP in Louisiana Posted February 28, 2016 Report Posted February 28, 2016 Forward to [email protected] 3 Quote
Catherine Posted February 28, 2016 Author Report Posted February 28, 2016 30 minutes ago, lynn EA in Louisiana said: Forward to [email protected] yes BUT include ALL the headers so the source can be tracked back. Most email programs hide the long list of headers, but there is almost always an option (somewhere) to show all headers. 5 Quote
TAXMAN Posted March 3, 2016 Report Posted March 3, 2016 I received one this AM that sys "Hello you did my return 2 years ago. Attached is my w-2 and 1099 and a copy of last year". BTY there was no attachment. Delete ASAP. 3 Quote
easytax Posted March 4, 2016 Report Posted March 4, 2016 7 hours ago, TAXMAN said: I received one this AM that sys "Hello you did my return 2 years ago. Attached is my w-2 and 1099 and a copy of last year". BTY there was no attachment. Delete ASAP. Received same as stated. I did reply (only) asking for phone and best times to call --- guess what --- no replies??????? s/ Must be a government employee with spare time, just playing around till busy .... 1 Quote
Catherine Posted March 4, 2016 Author Report Posted March 4, 2016 15 hours ago, easytax said: <snip> s/ Must be a government employee with spare time, just playing around till busy .... Maybe one of the ones NOT answering phones at the IRS! 1 Quote
Lion EA Posted March 9, 2016 Report Posted March 9, 2016 Received this morning spoofing one of my biz clients: Request for Employee W-2s Email from ROBERT CAREY: Request for Employee W-2s 8:55 AM ROBERT CAREY To [email protected] Hi Rita, Could you please forward me a pdf copy of all employees' W2s? I would like to make a quick review. Thanks Robert sent from my iPhone Quote
JohnH Posted March 9, 2016 Report Posted March 9, 2016 I don't open attachments from anyone unless I have spoken with them in advance. This even includes my sister who is always emailing me cartoons and such. Virtually nobody does business on an unsolicited basis via email, so I think it's wise take that same position regarding emails from "potential" clients. It's almost always gong to be a scam - strictly trash-box worthy. Quote
Lion EA Posted March 9, 2016 Report Posted March 9, 2016 That's why this supposedly-within-the-same-biz email probably catches a few that would never open a link nor Reply to an outsider without checking with their boss. This supposedly came from the boss. It was well written, and at a large company probably gathers a lot of W-2s. Even when you hover over the Sender's email address, you get the same email address, but both are formatted wrong for my client. The phisher set up an email address to receive W-2 copies that uses the company's own domain name. Luckily, this is a tightly held S-corp with a specific formatting to their email addresses, a Paychex binder kept in the supposed sender's closet, and he uses an Android, so it stood out to me. I warned his staff, just in case. 1 Quote
Catherine Posted March 9, 2016 Author Report Posted March 9, 2016 2 hours ago, JohnH said: This even includes my sister who is always emailing me cartoons and such. My cousin sends me stuff ALL the time, and it used to be just a link. I have taught her to include *words* to me such as "Hi Catherine yes I've been to this link it's OK - Norma" and then I'll trust it. Quote
TAXMAN Posted March 10, 2016 Report Posted March 10, 2016 I get my guys to add in bold the word testing spelled backwards. Instant know if good or not. 3 Quote
Abby Normal Posted March 10, 2016 Report Posted March 10, 2016 I almost clicked on this, but I hovered instead and saw the link. I've never had a tax preparer targeted scam before. Bastards! 2 Quote
JohnH Posted March 10, 2016 Report Posted March 10, 2016 1 hour ago, TAXMAN said: I get my guys to add in bold the word testing spelled backwards. Instant know if good or not. Great idea. I think I'll tell trusted senders to put the word "mapston" in bold letters. 2 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.