Variation on a theme, new email phishing scam

[jklcpa]

IRS posted IR 2016-123 today about a new phishing scam where recipients receive an email with an attachment containing a fake CP2000 IRS notice related to the Affordable Care Act and having a balance due that is small enough that the recipient may not question the amount and just pay it.

Besides the obvious fact that IRS will not contact taxpayer's by email, other telltale signs include instructions to make payment to "IRS" (payments are correctly made to "United States Treasury") and the address is to Austin Processing Center with a P.O. box that does not match the Austin center's address.

Safe link to IRS news release page, specifically for this release: https://www.irs.gov/uac/irs-and-security-summit-partners-warn-of-fake-tax-bill-emails

[SaraEA]

Talk about dumb crooks.  Guess they never imagined that the IRS now has 16 cameras sighted on that PO Box and an agent sitting in the parking lot ready to pounce.

Today a client brought in a notice they received in the mail about an IRS lien from 2011 (which did exist back then) and a proposed settlement for something like one-tenth the amount of the lien.  I long ago filed the missing returns and as far as I know the lien was removed (client had refunds for all six missing years).  I googled the phone number and up came many scam reports, with one poster remarking that they were using old data bases of lien info.  This message came in the mail, not by phone or internet, so I guess that's one more warning we have to give our clients.

[jklcpa]

If this worked at all though the crooks could easily change the letter to say to contact IRS at a stated phone number for instructions on how to make payments, then still scam unsuspecting individuals.  I shared it so we'd be aware that crooks are now trying emails with attachments too.

[SaraEA]

Stop telling the crooks how to make their scams work!  What we want are dumb criminals.  The reason the phone scams are so lucrative is that the callers are part of organized criminal syndicates with lots of resources to hire well-paid, very smart people to carry out their schemes, including spoofing phone numbers and IP addresses and creating mazes so the payments can't be traced to the recipients.  Or trolling the internet and social media to learn enough about victims to get into their IRS transcripts or IP PIN accounts.  I already related the tale about my clients who had identity theft in 2014 and filed 2015 using IRS-issued IP Pins, only to have the same thing happen.  Those crooks sure are brazen to enter an IRS website to retrieve a new filing number after they already stole using these people's credentials and the IRS obviously knew about it.  Kind of like breaking into the same person's house twice, realizing they bought attack dogs and guns after the first incident.  As I said, these people have all the time and money and brains they need to steal from the US gov't.

For those of us who use e-services, the IRS has announced that after late October we'll have to authenticate ourselves and set up a new password and/or user ID.  After that, every time we use the service we'll have to enter a single-use code that will be sent as a text to our cell.  While some financial sites use this added security layer, what's to prevent a thief who already stole someone's login credentials (or got new ones by pretending they are that person) from inserting their own (spoofed) cell phone number?  Can this really work, or is it just another hurdle the thieves will soon learn to navigate?

[Jack from Ohio]

Until the education level and common sense level of Americans comes back to the point where most people are not intentionally apathetically ignorant, these scams will continue to work. 

These scams only work on the gullible.

[Catherine]

On 9/24/2016 at 10:37 AM, Jack from Ohio said:

These scams only work on the gullible

Not only -- they work on the scared, too.  The very success of these scams is a testimony of the mean-spirited and over-eager tactics the IRS has used in the decades of its existence.  If they were not ham-handed and holding a well-deserved reputation of unreasonableness, these scams would NOT work.  
 

(That does not mean crooks would not find another way to scam people; they would.  But it would take more effort on their part to succeed in stealing.)