Tax season brings phishing and other scams

Two things to remember as you prepare to file your taxes: If you get an e-mail from the IRS, it's probably a scam. And don't forget the stamp.

As the April 15 tax filing date nears, online tax-related scams tend to ratchet up, experts say. If you're not careful, you could lose a lot more than just the refund.

"Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, and that your computer is free from any malware. If any of these components are compromised then your data is not safe," Ryan Barnett, director of application security research for Breach Security, said on Friday.

"This would be like going to an ATM machine to withdraw money and allowing everyone around you to see your PIN number as you punch it in," he added.

Not only do people have to take precautions in storing and transmitting their data over the Internet, but they also have to be wary of social engineering-type ruses that scammers use to trick people into giving out their sensitive data.

Probably the most common type of tax season scam is the fake IRS phishing e-mail. These e-mails will either claim to be a tax refund or an offer to help file for a refund, settle tax debt, or other aid. (Not long ago, scammers were offering economic stimulus payments, even before the plan was approved.) They will provide a link to a Web site where the visitor is prompted to type in personal data like a Social Security number. Don't trust it, experts say.

"The IRS will never send you an e-mail, especially not to ask you for information," said Johannes Ullrich, chief technology officer of the Internet Storm Center at the SANS Institute security organization.

In its latest monthly spam report, Symantec has a list of the top 20 tax-related subject lines. The list includes: "rebate processor position - we need your help now," "do you owe tax debt? read on," "fast & accurate tax refund," and "$389 desktop, $499 laptop. Amazing tax season 2-day sale."

Also cropping up are fake tax Web sites that offer to electronically file or prepare taxes for individuals. They ask for information including bank account information for alleged refund automatic deposits. However, the sites just steal the data, which can be used for identity fraud and outright theft later.

Using search engines to find someone to prepare or file your taxes is also fraught with risk. Don't do a search on Google using generic tax preparation-related terms or you could get lured by one of the many fake tax-related Web sites, Ullrich said.

"Stick with a name you know, like a big tax office," and search for them or type the URL in the browser, he said.

The IRS has a list of companies that are authorized to do electronic filing but the IRS site doesn't include the exact Web address, according to Ullrich. The IRS site for free e-filing is here.

Beware of bargain prices
Scammers are also selling at bargain prices alleged tax preparation software that is actually bogus and which instead steals your data, said Breach Security's Barnett. "Don't just download the next best free tax preparation software package," he said.

Another potential risk comes from programs that may be on the computer that you don't know about, and not just malware. For instance, if teenagers using the same computer that the tax preparation is done on have downloaded peer-to-peer software make sure the settings on the application do not allow for access to areas on the computer where sensitive data, like tax information, is stored.

Given the propensity for inadvertent file sharing, it might be wise to not use peer-to-peer programs on the same computer where tax data is located, said Coley Hudgins, executive director of Arts+Labs, a venture formed by Microsoft, Cisco, AT&T, NBC, and the Songwriters Guild of America that opposes the use of peer-to-peer networks for sharing copyright-protected content.

Once you've filed your tax forms, don't just sit back and wait for the refund check to arrive. Take precautions to protect the data stored on your hard drive from being stolen by either encrypting it or copying it to a CD and then deleting it from the computer, experts advised.

To prevent against key-loggers that record every key stroke and send the data off to thieves, and other spyware, people should keep their antivirus and other security software updated and their operating systems and applications updated with the latest security patches.

In a sign that at least some people are being cautious, consumers who have filed using Intuit's TurboTax program have been reporting legitimate e-mails from Santa Barbara Bank as fraudulent spam because they link to a site that doesn't look like it is the bank's site, said Andy Klein, a product manager at security firm SonicWall. However, the bank is a transfer agent for the IRS and the Web site in the e-mail is legitimate, offering people a way to check on the status of their refund, he said.

People who don't trust a link should type the URL into the browser to go straight to the correct Web site, Klein said.

And as for anything related to tax filing, he said: "When in doubt, pick up the phone or go straight to the IRS Web site."

[tommoh]

You know, as great as this info is, I hope folks aren't waiting until the last minute to file their taxes... ;)<br /><br />Just kidding. I actually just filed mine. I cut and pasted the appropriate urls coz I keep hearing stories of freaking phishing and MITM attacks. Next year I probably won't even efile out of general fear (and the fact that I don't really want to do my own taxes anymore, but that's a different issue).<br /><br />One addition to the pointers here -- the IRS requires that all efiling sources use Extended Validation SSL encryption, due to the antiphishing protection and more comprehensive background check CAs demand. So, if you ain't seeing the green url bar, do NOT proceed -- <br /><br />http://blogs.pcmag.com/securitywatch/2008/11/irs_to_require_evssl_for_onlin.php

[GailSanders]

Make sure when you're sharing files or backing up your files online that you use a system that allows you to encrypt your files. That way you don't inadvertently share your files with the world. I believe the online backup site http://www.myotherdrive.com allows you to encrypt your files.

[nolosoft]

Do you mind have a look at TradeMax? NoloSoft TradeMax is a tax software designed for active investors or traders to manage their trade data maximize their gain/loss strategy, prepare their Schedule D. <br />More detailed by google.

[nolosoft]

Do you mind have a look at TradeMax? NoloSoft TradeMax is a tax software designed for active investors or traders to manage their trade data maximize their gain/loss strategy, prepare their Schedule D. <br />More detailed by google.

[Seaspray0]

If you've ever wanted to see someone get even with the scammers... www.419eater.com

[chrispatrik]

Some of the so-called "legitimate" online tax prep software is a scam too. I used H&#38;R Block's online site because I wanted to e-file. As soon as they charged my credit card, they informed me that they could not e-file my return due a bug in their software, and I couldn't get my money back because the e-file part is free. What a scam. It's like saying that you are only paying for the cardboard box that your TV came in, so if it doesn't work, tough luck.<br /><br />Of course the e-file is a prominent part of the ad on their website.

[grecs]

Typical for scammers to be taking advantage of things like this.

[austinbarry]

Although not a "scam", watch out for "non-optimal" official e-file services from the states. I started to e-file with Mass DOR using their official webtax site. According to the printed instructions (same source), one can put in a "safe harbor" use tax based on your adjusted gross income, but have to itemize every purchase over $1000. The site simply asks you for your total out-of-state purchases (I.E. virtually everything you buy online). I actually added up my purchases. The site didn't indicate your AGI (needed for the safe harbor) or give you a chance to put in your actual use tax.<br /><br />Net result. I owed a lot more tax using webfile than I did when I did my taxes on paper. Luckily I didn't actually "file" my web file taxes.

[Steve_KTG]

Where ever money is changing hands, especially in a frantic manner and in large amounts, scammers are there to get their piece. This article I read recently on when you do have* to give out your SSN http://www.justaskgemalto.com/en/personal-data/tips/when-should-i-give-out-my-social-security-number reminded me to be extra careful when dealing with taxes. Not that I have to worry about a bigger scam artist ever coming along than the good ol' IRS themselves..

[itrademax]

new features of TradeMax include <br /> <br />Neutral Trend TradeMax is a full featured Vista style trade software specifically designed for active traders and investors to manage their trade data, optimize their gain/loss strategy, and prepare their Schedule D or Mark-to-Market Form(4797). <br /> <br />The new features of TradeMax include <br />1.) Track your trades: You can setup different investment type accounts among whole family and manage trade data over years. TradeMax tracks and categorizes trade data and security price automatically. You can view all investment accounts in one place. <br />2.) Comprehensive Corporate Events Module : Recording various corporate events, such as stock splits, stock merge, spinoff and symbol changes <br />3.) Powerful importing module: TradeMax has pre-defined profiles support most brokers. TradeMax also provides a flexible format reorganization algorithm which allows you to customize your own format. <br />4.) Intelligent Option Cost Basis Adjustment Function: Auto- detecting Assigned, exercised and expired option, also defers cost to corresponding shares with its Option Adjustment function. <br />5.) Handle Wash Sales: TradeMax calculates various Wash Sale scenarios, include but are not limited to, Wash Sale between identical securities (stocks and options), Wash Sales on an unequal number of securities and Wash Sales on Same Day Rule. <br />6.) Simplify tax preparation: TradeMax can assign short trades and convert short / long position, and calculates Wash Sales automatically. You can generate Capital gains/losses report for Schedule D purpose or export *.txf file to popular tax software such as TaxCut, TurboTax. <br />7.) Analyze your trading performance: You can analyze your trading performance easily with the help of WashSales Detail Report,Summary Report, Transaction Report and Daily Market Value Report. <br />8.) Powerful Forex Rate Module:Auto-convert the transactions under Non-USD currency into USD figures. <br /> <br />http://www.itrademax.com