LISTEN: mp3 audio (3:46 min)
The surge in electronic communication, including financial transactions, has spurred an identity theft activity known as “phishing,” where criminals use bogus e-mail messages and phony websites to trick unsuspecting individuals into providing confidential financial information. It is both amazing and scary to see the ingenuity that goes toward the never-ending quest to obtain someone else’s name and financial data for fraudulent purposes.
For identity thieves, a Social Security number is a prized piece of information. So while it seems outrageous, some of the most audacious phishing schemes involve the impersonation of government agents. For example, what better way to obtain someone’s SSN than to pose as a representative of the Internal Revenue Service? It’s not just that the IRS uses your SSN for tax purposes, but many citizens perceive an aura of mystery and dread about the IRS – when they speak, you listen…and obey.
The following is a copy of an e-mail received Wednesday, November 25, 2009. (The recipient’s name has been changed). How would you respond?
Phishing E-mail
Even though you’re skeptical, your mind races for a moment or two. You ask yourself “Is this legit? Did I really underreport my income? Are they accusing me of fraud?”
When you roll the mouse over the sender’s e-mail address, it reads “mail@irs.gov.” The official IRS website is www.irs.gov., which sure seems the same.
Of course, a little research tells a different story. Starting at the IRS website, there’s a special section on phishing scams. A call to an IRS 800 number verifies that the correspondence is bogus, and the agency requests that the e-mail be forwarded to them. A few minutes later, there’s a new message in your in-box, this one from the “real” IRS. It reads:
Just for emphasis, let’s repeat the key phrase from the IRS correspondence: Please note that the IRS does not contact individuals by email. End of story. You don’t need to know anything beyond that to determine if the correspondence is a phishing attempt.
However, there are several sobering conclusions from this information: First, whoever is willing to impersonate the IRS to get personal information has a lot of chutzpah. Even though they know the IRS is aware of their activity, these phishers are still doing it. Second, the activity must be effective, because it wouldn’t make sense to risk jail time on something that wasn’t paying off. Third, your financial information must be pretty valuable if people are willing to take on such occupational hazards.
The security of your financial data should be a high priority item in your everyday financial activities. A lack of attention to this detail can be hazardous to your financial well-being.
