Accessibility Skip to Top Navigation Skip to Left Navigation Skip to Main Content IRS Video Portal logo
Search:
Online Fraud and Identity Theft  08/15/09
The information contained in this presentation is current as of the date it was presented.
It should not be considered official IRS guidance.
TRANSCRIPT

Hello, I'm Chris Neighbor, assistant to the director, Office of Privacy and Information Protection. This is a reenactment of the IRS's National Phone Forum delivered in August 2009. The phone forum was titled "Everyone's at Risk: Combating the Increasing Threat of Online Fraud and Identity Theft."

This presentation is designed to provide information, and should not be used as a specific determination for your situation.

The 2006 Business Software Alliance and Harris Interactive Survey shows that almost 30 percent of adults shop online less, or not at all, due to fear of identity theft. The 2007 PhishTank report shows that IRS is the 24th most spoofed brand in the world.

In addition, 2009 Symantec's Internet Security Threat Report indicates Web surfing remained the primary source of new computer infections in 2008. The Underground Economy report shows that credit card information, other financial information and phishing/spam information are the top three selling items in the underground economy.

The IRS continues to modernize its infrastructure based on e-Gov initiatives, with the objective of deploying more interactive, Internet-based applications to provide taxpayers available and efficient self-service. Any loss of taxpayer confidence in this electronic interaction undermines this strategy and its investments.

The IRS Online Fraud Detection and Prevention Office helps protect taxpayers who are using computers to conduct business with the IRS. This office works to reduce online fraud against the IRS and taxpayers by monitoring, identifying and taking down bogus sites and phishing scams.

The Federal Trade Commission estimates that more than nine million Americans become the victims of identity theft each year. Skilled identity thieves use a variety of methods to get personally identifiable information from victims. These methods may include:

  • Dumpster diving, or rummaging through trash
  • Skimming, or using stolen credit/debit card numbers using a special storage device, and
  • Phishing, commonly a "Get Your Refund" fraudulent e-mail pretending to be a legitimate institution

Phishing is the act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The IRS is a top target for phishing scams. Victims fall for the scheme because they want to comply with their tax obligations. Once they enter their personal information, the criminal has it and can use it for a variety of illegal means.

The IRS does not initiate taxpayer communications through e-mail, nor do we request detailed personal information through e-mail.

Examples of this type of identity theft may be spam-based or an unsophisticated attack methodology. Awareness is an effective countermeasure.

E-file phishing sites may be Web-based sites, or advertised through commercial pay-per-click. They may also capture the victim's tax information and reroute the refund to the phisher's bank account, or request that tax returns are submitted through valid Electronic Return Originators, or EROs.

Be cautious of stealing also, including wallets, purses, and mail.

Statistics show that phishing scams grew tremendously from 2005 to 2008. For example, 2005 reports only four scams, whereas 2008 shows more than 3,000. However, the numbers fell sharply in 2009, coming in at just a little more than eleven hundred. This is proof that the IRS is taking steps to combat schemes.

In one case, convicted felon, Evangelos Soukas, revealed how he defrauded the IRS and committed identity theft against U.S. taxpayers. Soukas used personal information stolen from taxpayers by an entry-level employee at a cell phone company to file false tax returns and obtain fraudulent refunds.

He told the Senate Finance Committee that using stolen identities to apply for tax refunds was, quote - "an easy way to make money quickly." Soukas is now serving a seven-and-a-half year federal prison sentence for identity fraud, filing false income tax returns, wire fraud, and mail fraud.

Here's some information on another popular case, commonly referred to as the Dark Market takedown. In October 2008, the FBI and its global partners in the UK, Germany, Turkey, and other countries arrested 56 individuals worldwide culminating from a two-year, undercover cyber operation.

Cyber criminals established an online "supermarket" for buying and selling stolen credit card data, login credentials, and electronic equipment for financial crimes. Over 2,500 members registered during the peak.

An FBI agent infiltrated the site posing as a cyber crook and rose to the rank of a site "administrator." The operation prevented about $70 million in potential losses.

Evolving cyberspace threats include: increasing sophistication of cyber attacks, or click jacking; botnets; cyber-espionage efforts run by well-resourced organizations looking to extract large amounts of data; increasing frequency and scale of cyber threats; and a shift from "glory-motivated vandals" to "financially and politically-motivated cyber-criminals."

Increasing popularity of social networking sites such as Facebook, LinkedIn, MySpace, Twitter, etc. creates new opportunities for identity thieves and cyber criminals to commit fraud and online crime.

Mobile phones and "smart" phone devices such as Blackberrys, iPhones, etc., now serve as pocket computers for personal and business use because of their portability and ability to store, transmit, and share large volumes of information. However, the security of these devices is a concern.

Be very cautious of suspicious Web sites that appear similar to legitimate sites. Also, be aware and advise clients to be aware of the serious threat. I’ll read an excerpt from an actual fraudulent letter sent to an unsuspecting taxpayer, dated April 18, 2008, sent from service@irs.gov. The subject line was, "Get 2008 Economic Stimulus Refund ($1800)". The following is an excerpt.

  • "Over 130 million Taxpayers will receive refunds as part of President Bush's program to jumpstart the economy.
  • Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund.
  • The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account.
  • Please click on the link and fill out the form and submit before April 18th, 2008 to ensure that your refund will be processed as soon as possible.
  • Submitting your form on April 18th, 2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.
  • To access Economic Stimulus Refund, please click here."

The link pointed to a fraudulent Web site.

The IRS's Identity Protection Specialized Unit opened October 1, 2008 to help resolve identity theft victims' issues quickly and effectively. Specifically, taxpayers can call a dedicated toll-free number, 800-908-4490, Monday through Friday, from 8 a.m. to 8 p.m. local time. A single customer service representative will work with each victim to answer questions and resolve issues. In addition, taxpayers can use a new and simplified process to verify their identity, and self-report identity theft before it affects their tax accounts.

Callers may also self-report incidents where they may be at risk for identity theft because their personally identifiable information has been compromised, for example, in the case of a stolen purse or wallet. Finally, taxpayers who already had their tax accounts affected by identity theft, but have not yet had their issues resolved, may receive assistance.

Identity theft can affect your tax account. Consider the "what if’s" if an undocumented worker uses your Social Security number in order to get a job. Or consider the consequences if an identity thief files a tax return with your Social Security number in order to receive a refund.

Account indicators were implemented that mark taxpayer accounts to track identity theft and prevent victims from encountering the same problems year after year, and to protect taxpayers from future harm. Specific indicators have been developed to track taxpayers who currently have tax problems related to the identity theft, track taxpayers self-reporting identity theft to the IRS with no current tax problems related to the identity theft, assist in distinguishing legitimate returns from fraudulent returns submitted by identity thieves, and track identity theft, refund crime and phishing victims.

Use of these indicators allows IRS to scrutinize all returns filed using these taxpayers SSNs. Beginning January 2009, returns filed using Social Security numbers with these indicators go through a series of business rules to distinguish legitimate returns from false or fraudulent returns. Returns that do not pass the business rules will be deemed "unpostable" and removed from normal processing for further analysis.

The Office of Management and Budget directs IRS and all federal agencies to address identity theft and develop a notification process related to data loss incidents.

The IRS Identity Protection Strategy focuses on three areas to address identity theft. The first is victim assistance, which will assist taxpayers with resolving tax issues that arise from identity theft as quickly as possible and with minimal disruption. Next is outreach to increase taxpayer awareness of identity theft through multiple communication channels and education efforts. Finally, prevention to build a strong program to significantly reduce incidents of identity theft and protect taxpayers.

The IRS has made significant progress in the area of identity protection this year.

Remember to protect Social Security numbers and other account numbers, access codes, and personal data. Be sure to dispose of the data carefully, which may include shredding.

It is a good practice to check credit reports at least annually, and to check bills and financial statements routinely for unauthorized activity.

Some excellent information technology recommendations include subscribing to or installing antivirus services or software; being aware of suspicious e-mails with Web links or attachments; and protecting your laptop and personal digital assistants, or PDAs.

It's also a good idea to have a plan for disaster recovery or continuity of operations, and to practice using your back-up system. Be sure to routinely perform a back-up of all your critical data, and develop an IT security policy for your agency or company that may include rules for file sharing.

Taxpayers who suspect they have received a phishing email should not only avoid opening any attachments contained in the e-mail or clicking on any links, but they should also forward the message or Web site URL to the IRS at phishing@irs.gov.

IRS uses the information, URLs and links in these suspicious e-mails to trace the hosting Web site and alert authorities to help shut down the fraudulent sites.

If you are a victim of ID theft, contact your financial institutions and take appropriate action. You should also contact credit bureaus to request a fraud alert, and get free copies of credit reports from Equifax at www.equifax.com, Experian at www.experian.com, and Trans Union at www.transunion.com.

Be sure to file a police report with local law enforcement, and also contact the Federal Trade Commission at FTC.gov.

This has been an audio reenactment of the August 2009 National Phone Forum, "Everyone's at Risk: Combating the Increasing Threat of Online Fraud and Identity Theft." For the IRS, I’m Chris Neighbor.