'Phishing' Season For Tax Scammers

By Caroline E. Mayer
Washington Post Staff Writer
Saturday, February 25, 2006

Marketing pitches masquerading as the 1099 forms detailing non-payroll income have been arriving in taxpayer mailboxes, while e-mails that appear to be from the Internal Revenue Service are really identity theft scams designed to collect personal financial information.

Government officials say they are currently seeing about one widespread IRS-themed e-mail scam a week, but Internet security experts expect them to escalate as the April 15 tax deadline nears.

"Usually these things peak around the time taxes are due," said Dan Hubbard, senior director of security and research for the Internet Web security firm Websense. "Basically it's another timely current event that's on top of people's lists and another lure to deceive people into giving away credentials in some way."

And scammers are capitalizing on the fact that more than half of all tax returns are expected to be filed electronically this year. Consider this recent e-mail claiming to be from the IRS: "You filed your tax return and you're expecting a refund. You have just one question and you want the answer now. Where's My Refund? Access this secure Web site to find out . . ."

The Web site looked like the real IRS site. But it wasn't.

Nor was the Web site link in another recent e-mail using what appeared to be IRS letterhead, posing as notification to the recipient of a $63.80 refund.

Both Web sites asked for Social Security numbers and credit and bank account information, part of an online identity theft scheme known as "phishing."

The IRS warns consumers to disregard any e-mail that purportedly comes from the agency. "The IRS does not communicate with taxpayers electronically," said Richard Morgante, the IRS commissioner of wage and investment. "If you get a communication from the IRS, it is via a letter in the mail or a phone call." If in doubt, consumers should call the agency's toll-free number, 800-829-1040, to determine the legitimacy of any notice, Morgante added.

The electronic solicitations are proliferating at the same time that tax forms are flooding U.S. mailboxes. Most are legitimate 1099 forms sent by companies to individuals declaring dividends, interest and other non-wage incomes they must report to the IRS.

However, a number of these letters are promotions -- usually for loans to refinance a house, consolidate debt or buy a car -- dressed up as a tax form to get a consumer's attention amid the everyday clutter of bills and advertisements.

For example, there's the envelope with bold lettering stating: "Important: Year End Tax and Mortgage Information Enclosed." Inside appears to be a 1099 form for $1,000 to $10,000 of "Lost Non Deductible Interest" that the taxpayer would get from a debt consolidation loan. In the fine print, the letter is called a "Form 1089." There is no such IRS form.

These letters "come around every year" during tax season, said Paul J. Krenn, spokesman for the U.S. Postal Inspection Service, which probes misuse of the mail system.

While government look-alike mailings "are less than desirable," Krenn said they are not an overwhelming source of loss to consumers.

The chief problem seems to be that some consumers have reported throwing away the real 1099s with the batch of promotions they've received.

Government officials said they first started noticing the phony IRS e-mails last year around tax time. They disappeared, only to resurface in November. Since that time, the U.S. Treasury Inspector General for Tax Administration (TIGTA) has received about 1,100 complaints from consumers. William Benton, special agent in charge of strategic enforcement, yesterday said TIGTA has identified at least 12 separate schemes of e-mails impersonating the IRS. Almost as soon as the agency shuts down one Web site, a new one appears. The scammers "are trying to leverage the trust of a government agency and trying to increase the odds of success," said Peter Cassidy, secretary general of the Anti-Phishing Working Group, an association of financial institutions, online retailers, Internet providers and security firms and law-enforcement officials committed to eliminating phishing.

The IRS is an obvious target for scammers, Cassidy added, because it has far more direct correspondence with consumers than a credit union or even a large bank. "Blindly phishing a very small pond, the odds for success are low, but phish an entire U.S. taxpaying population, and the probability of success goes way up. You're phishing a much bigger pond."

The phony tax e-mails are not confined solely to the IRS, said Hubbard of Websense. He said his firm has also seen some fraudulent solicitations allegedly from H&R Block, offering online tax preparation services. The taxpayer is steered to a fake company Web site that asks for personal financial information.

H&R Block said it is aware that scammers periodically use its name and credibility to phish. "When we become aware of these phishing attempts, we investigate promptly," said Murray Walton, the company's vice president and compliance officer on phishing scams.

© 2006 The Washington Post Company