©9-26-2009 by Donna Cunningham, MSW
I keep wanting to find a way to pass along email scams that I run into, and now belatedly it occurs to me that I DO have a blog and a subscriber list! Below are two new scams, seemingly from identity thieves who are “pfishing”, that I received in the past 10 days.
Fake IRS Notice re: Underreported Income: Guaranteed to send your heart racing even if your tax form is pure as the driven snow! Like many such ruses, they want to scare you so badly that you’ll stop thinking and give them any information they request.
Believe me, if the real IRS thought you were doing that, they’d send you a letter in your real mailbox–maybe even a registered letter. The fake email may not even have your correct email address on it, but it gets to you somehow. It looks like this:
Taxpayer ID: ptmd-00000174073547US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website at the link below (Donna: link deleted here!!!)
Internal Revenue Service
Fake Notice from your Email Server about an Upgrade: In this example cut and pasted verbatim from an email I received, your first clue is that these jerks can’t spell and are illiterate; the second is that a legitimate server will have warned you to never reply to any message that asks you to send your User name and Password.
WEBMASTER UPDATES [email@example.com]
We zare currently carrying-out a mantainance process to your Email account, to complete this, you must reply to this mail immediately, and enter your User Name here (………..) And Password here(………..) if you are the rightful owner of this account.
Due to the Junk/Spam emails you receive daily, we are currently upgrading all email accounts Spam filter to limit all unsolicited emails for security reasons and to upgrade our new features and enhancements with your new and improved E-mail account, to ensure you do not experience service interruption.
This process will help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.
Thanks, WebMaster Support Team.
How to Recognize Fraudulent Emails
For more info about pfishing and other baits that identity thieves use to get you to divulge sensitive personal information, the material below is taken from a page on my website at http://www.moonmavenpublications.com/secureordering.html . (It talks about PayPal.com because that’s the service I use for my ebooks.) It includes examples of fraudulent emails that people have received from identity thieves, claiming to be from PayPal. The thieves have captured and counterfeited certain graphics from the PayPal website–it’s so simple a cave man can do it–but you might easily assume the emails are real.
These fake emails also have a fake email address, like firstname.lastname@example.org–a convincing-sounding address that actually goes nowhere and simply bounces back to you if you use it. Reading them, you can see how slick they are–and how threateningly authoritarian. The language is calculated to frighten you enough that you forget safety precautions.
One that you can read there is a threat to suspend your account if you don’t verify your banking information. The other is a notice that your account has been locked down because you violated their policies. Other scare tactics include emails that warn you that a suspicious charge has been made on your account or that give you a phony receipt for a purchase they claim you made. The wording is guaranteed to scare you into unwise and hasty action if you receive it. Be especially aware not to click on the part that says, “Save my information:”
The dangerous part of these types of emails is a demand for banking information, which will include your account number, social security number, and pass words. For instance, it may say:
“In order to safeguard your account, we require that you confirm your banking details. To help speed up this process, please access the following link so we can complete the verification of your PayPal Account.”
UNDER NO CIRCUMSTANCES should you click on a link like that and give out private information in response to any purported communication from PayPal, your credit card companies, or your bank. If the notice contains a link of any kind, it is a fraud. Precisely because of concerns about identity theft, an email from a reputable financial company will warn you NOT to follow a link. These links lead to fake sites with counterfeit graphics that look exactly like the real company.
There are identity theft prevention pages on the websites of most reputable financial institutions, and they will tell you not to follow such links. Instead open up a new browser window and go to the front page of the company’s web site, signing in with your secure password, and contact the security division of the company. Read their identity theft pages carefully for more hints on how to prevent identity theft. PayPal’s Security Center is an excellent example, and you should read their materials if you already have or are about to open an account there.
Your best defense against identity theft is vigilance and paying attention to your instincts if something is telling you to beware. We would ask that if you order from us and subsequently receive a communication like the ones above, contact their security department to ask whether there is a genuine problem with your account. Forward a copy to email@example.com so that they can keep track of the newest and slickest cons and warn others who may be receiving them. Please also forward a copy to us. If it’s a new one, we’ll post it on this page to warn other customers! YOU BETCHA!
Identity Theft Prevention Resources
Here are some good identity theft resources. If you know of other good non-commercial sites, I’d appreciate hearing of them.
- FTC.gov is an official government site for consumer affairs, but has a library of materials, including information on various state and federal laws.
Colorado’s Attorney General has numerous information pieces about ID theft.
California State’s Office of Privacy Protection has extensive information on ID theft.
Identitythef.org is partly commercial but contains valuable advice for those who wish to prevent ID theft and those who have already been victims.