Alert: Protect Yourself from Email and Phone Fraud

Your personal information is a sought-after commodity by professional criminals, and especially this time of year, when people are most engaged with state and federal taxing authorities. The two primary ways in which criminals seek to steal your information, how to identify fraudulent communications and steps to take are included below.

Phone calls:

The IRS has issued a new warning about phone scams, having discovered that criminals “alter caller ID numbers to make it look like the IRS or another agency is calling. The callers use IRS employee titles and fake badge numbers to appear legitimate. They may use the victim’s name, address and other personal information to make the call sound official.” Sometimes, they are ‘robo-calls’ that request a call back. These calls can be aggressive and threatening.

Please remember that the IRS will never:

• Call to demand immediate payment using a specific payment method.
• Threaten to immediately bring in local police or other law-enforcement group to have the taxpayer arrested for not paying.
• Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
• Ask for credit or debit card numbers over the phone.
• Call you about an unexpected refund.

To learn more about what to do in the event you suspect an IRS phone scam, read this most recent alert from the IRS.

Email:

Your email (personal and corporate) is a magnet for those who would infiltrate it to gather your personal identity, other information and access to your contacts. Once taken, that information can be used in a variety of harmful ways – both financial and technological.

Those who seek to maliciously use email to gather your personal or corporate information (‘phishing’) have become quite good as disguising the email address, subject line and content to more easily pass as legitimate. Therefore, it is imperative that you exercise extreme caution before opening any email, and when you do open an email, to take additional precautionary steps prior to clicking on anything in the body of an email.

Below are the Securities and Exchange Commission’s list of phishing indicators. The full list along with details and action steps to take can be found on the SEC site here.

Names of Real Companies — Rather than create from scratch a phony company, the fraudster might use a legitimate company’s name and incorporate the look and feel of its website (including the color scheme and graphics) into the phishy email.

“From” an Actual Employee — The “from” line or the text of the message (or both) might contain the names of real people who actually work for the company. (Note from Smith and Howard: checking the actual email address as opposed to just looking at the display name can tell you right away if it is actually from the individual whose name is displayed. Also, ask if you would normally receive an email from this person.)

URLs that “Look Right” — The email might include a convenient link to a seemingly legitimate website where you can enter the information the fraudster wants to steal. But in reality, the website will be a quickly cobbled copy-cat — a “spoofed” website that looks for all the world like the real thing. In some cases, the link might lead to select pages of a legitimate website — such as the real company’s actual privacy policy or legal disclaimer. (Note from Smith and Howard: such simple things as the letter O being replaced with the number 0 in a domain or company name can be an indicator of a fraudulent communication.)

Urgent Messages — Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result in your no longer having access to your account. Other emails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions. (Note from Smith and Howard: legitimate financial organizations will not communicate with you via email on matters of this type of urgency. Do not respond to the email.)

At Smith and Howard, we have also found other common indicators of phishing, including:

• Attachments – Determine if attachments appear to be real or for a service you have used before. Often, attachments request action or information that you have never been required to provide before.
• Personal information – No one should ever ask for – nor should you provide – personal information in an email, including social security numbers; dates of birth; address; email address(es); IRS PIN(s); employer(s) name(s) and address(es); employee identification number(s), filing status, investment or bank account information and salary and/or salaries.

Please exercise extreme caution with emails, both on desktop and mobile devices. We live in a fast-moving, quick-response world. Take a moment to dig deeper into emails before opening, clicking and/or responding. It could save time, money and your identity.