IRS: Identity Theft on Business Tax Returns Soaring


Photo credit: iStock/JoKMedia

While tax-related identity theft against individual taxpayers is on the downswing, fraudsters have increased efforts on another front to obtain illicit refunds: Stealing identities of legitimate American companies to file bogus business tax returns.

In the first five months of this year, the Internal Revenue Service flagged some 10,000 business returns for suspected tax-related identity theft – a 250 percent increase from the 4,000 cases in all of 2016 and 2,757 percent uptick from 350 suspected cases in 2015. The IRS estimates potential losses from business-related ID theft against corporations, partnerships, limited liability companies and other business entities at $137 million so far in 2017, compared with $268 million in 2016 and $122 million in 2015.

Meanwhile, during the same January-through-May period of 2017, the IRS reports that 107,000 individual taxpayers reported being victims of tax-related ID theft. That’s a 47 percent drop compared to the same period in 2016, when 204,000 consumers filed victim reports with the agency (with 376,500 for all of 2016). In the first five months of 2015, the IRS received almost 297,000 reports from individuals, and 698,700 for that entire calendar year.

“Cybercriminals are showing increasing savvy and tax expertise as they use stolen data, sometimes from tax practitioners, to file these business, partnership and trust returns for refunds.” notes the IRS. “Or they post the stolen data for resale on the Dark Net so that other criminals can file fraudulent tax returns.”

Historically, business-related identity theft aimed for refunds for benefits such as fuel tax credits. But scammers are now filing fraudulent corporate returns (Forms 1120 and 1120S) and estate and trust returns (Form 1041) to obtain fraudulent refunds. The IRS says that crooks are also using fraudulent Schedule K-1 filings made by partnerships to file bogus individual returns.

Meanwhile, tax preparers themselves are an increasingly popular target among scammers. During the first five months of 2017, there were 177 reported data breaches at tax preparers’ offices – and the IRS “continues to receive reports of three to five data breaches each week.”

Just weeks ago, the IRS warned about a new scheme – phishing emails being sent to accountants and other tax professionals “seeking extensive amounts of sensitive preparer data” that could enable scammers to steal client data and file fraudulent tax returns. These bogus emails, purportedly from a major tax software education provider in the U.S. (which the IRS did not identify), claims a database problem in requesting tax preparers’ log-in credentials, answers to “secret” security questions, birth dates, Social Security numbers, even the maiden names of their mothers.

IRS Commissioner John Koskinen credits the decline in tax refund fraud against individuals to an information-sharing partnership launched in 2015 by the IRS, state tax officials, and tax industry professionals and organizations, including tax-preparation software companies. In an effort to drive down refund fraud against corporations and partnerships, the IRS and other members of the partnership have urged tax preparers to increase security safeguards – and be suspicious of any potential business clients claiming they do not currently have an Employer Identification Number.

For the 2017 filing season, the tax software industry began sharing “data elements” from tax returns with the IRS and states to help spot suspected identity theft on business returns. Those efforts will be expanded next year; also in 2018, the IRS will be asking tax professionals to gather more information on their business, trust and estate clients – including the name and Social Security number of the company contact authorized to sign the business return and details about the firm’s tax payment history.

Worried that your firm has already been targeted – or victimized? Warning signs of business-related identity theft for filers of business, partnerships, estate and/or trust tax paperwork (and their tax preparers) include:

  • An e-filed return, or filing extension request, being rejected because a return with the Employer Identification Number or Social Security Number has already been filed.
  • Receiving an unexpected receipt of a tax transcript or IRS notice that doesn’t correspond with anything the business submitted.
  • Failure to receive expected and routine correspondence from the IRS, which could indicate that the identity thief has changed the contact address for the business.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

The Reign of Spain? Riskiest Vacation Destinations for Hacking Mobile Devices

The Reign of Spain? Riskiest Vacation Destinations for Hacking Mobile Devices


Photo credit: iStock/Jasmina007

If you’re heading overseas this popular vacation month, don’t underestimate the risks of your smartphone, tablet or other portable devices being hacked…even when visiting countries not typically associated with cybercrime.

True, the U.S. leads all popular vacation destinations in overall mobile threats, where hacking of files and data on hand-held devices occurs about 5 million times per year, according to Keeper Security, a Chicago-based password manager firm. (Previous research by Symantec, which makes Norton antivirus products, indicates the riskiest American cities are Seattle, Boston, Washington, San Francisco and Raleigh).

The United Kingdom is a distance second with 2 million threats, followed by Spain (1.7 million), France (700,000), Poland (475,000), Canada and Italy (400,000 each), Portugal (375,000), the Netherlands (320,000) and Greece (75,000).

But considering our nation’s population, use of mobile devices and availability of public WiFi, only about 1.5 percent of Americans and tourists are victimized – putting us solidly in the middle of the “at-risk” pack. With those factors in the mix, Spain reigns, followed by Portugal and the United Kingdom; each has a population-based mobile hacking rate at least twice as high of ours, according to Just About Travel – a U.K. based website. The Netherlands ranks number 4 with a nearly 2 percent gotcha rate, and following the U.S. at number 5 are Poland, Canada, France and Greece.

What about China, India, Brazil and Russia, which along with America, claim the world’s highest rate of smartphone use? Mobile threats are less likely to occur within those countries, says Keeper CEO Darren Guccione, because they are not as prosperous as the U.S or U.K. (and cyber-crooks prefer to follow the money). Meanwhile, language barriers make Japan, Germany and other countries less attractive targets, he tells the Fraud Watch Network.

No matter your destination, some additional advice to prevent mobile threats beyond these must-know strategies for on-the-road online security:

Take charge when you recharge. Don’t charge your devices with anything other than your own chargers plugged directly into the wall or into your adapter. “It’s easy for cyber thieves to install malware onto hotel and other public docking stations,” notes Guccione. “And never connect any USB drive or other removable media that you don’t personally own.”

Avoid “house” computers. Crooks can (and do) install malware on machines made available to the public at libraries, hotels and other businesses. If you do use them, don’t utilize them for tasks where you need to supply log-in or financial credentials such as online shopping, online banking or other sensitive accounts, or even your personal email.

Pack new passwords with your passport. Before leaving, change log-in credentials and passwords for all mobile device apps; with a password manager, you won’t have to remember them. “When doing this, use two-factor authentication if possible,” adds Guccione. Passwords should be no less than eight characters, with a combination of nonsensical letters, numbers, and symbols. “And don’t use the same PIN for hotel room safes that you use for your device password.

Don’t take a vacation from vigilance. Most travelers won’t consider not using portable devices on vacation, and when using them, don’t even consider if a WiFi connection is secure. Follow these tips to detect potentially problematic public WiFi when abroad or even at the local coffee shop.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump


Caption: iStock/GCShutter

Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are usually reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdrawal cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void” and take that clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest by pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?

Rigged Carnival Games: Are You Being Played When Playing Midway Classics?


Photo credit: iStock/lisinski

Heading to a summer carnival or state fair? Don’t worry so much about looking foolish carrying an oversized stuffed teddy bear en route to that funnel cake feast. The bigger concern should be in feeling foolish after dropping a wad of cash trying to win that plushy prize, but winding up with empty hands and pockets.

Although not every carnival game is rigged, all can be and many are – making those near impossible to win in hopes you keep trying (and fork over a small fortune). Here’s how you can be played when playing the midway’s most popular “skill” games:

Balloon Pop
Not to deflate your hopes, but this fairgrounds favorite is notorious for sticking it to patrons who try to burst balloons with a thrown dart. How? While fully-inflated balloons pop easy enough, those at some carnival games can be filled to only about one-third of their full air capacity, so darts bounce off without piercing.

To further deflect your throws (and hopes), carnival-used darts may be lighter than store-bought types, with tips that are purposely dulled or broken off. Unless aiming for the fullest balloons, expect this one-two punch to pop-prevent even accurate throws.

Basketball Shoot
Making a free throw from a closer distance than the shooting line on a regulation (or driveway) basketball court may seem like an easy score…if it’s a typical rim. But hoops at some carnivals games are smaller and oval-shaped – not round – so they appear “regular” from your vantage point. But with as little as a half-inch margin of error, even free-throw phenoms can have trouble scoring.

Other foul plays: Balls can be over inflated to make them super-bouncy for a harder score. Backboards are sometimes angled to make it harder to sink shots off it. And netting or shims may be placed between the rim and backboard to interfere with your depth perception.

Milk Bottle Pyramid
Knock down stacked bottles or pins and you win, right? Not when bottles are filled with lead or other hefty helpers to weigh up to 10 pounds each. And the softballs (often filled with cork) or sandbags you’re provided are lighter than usual.

Other carny-provided curve-balls: If just one bottle (usually, those on the bottom and middle) sticks out as little as 1 inch from the others, it can absorb enough of the ball’s force to prevent others from toppling. And beware of curtain backdrops; they can brace closely placed bottles to help prevent them from being knocked over.

Ring Toss
What explains the scant 1-in-700 chance of winning this game, according to a 1980s FBI investigation? Like the basketball shoot, it’s the equipment you’re provided. Often, the rings you’re provided are often just a smidgen wider than the target bottleneck or spike, and made of hard plastic to facilitate bouncing. When the carnival worker shows how easy it is to toss for success, suspect he’s using wider rings than those you’ll be provided, or standing close enough (often directly above the targets) for an easier drop onto the target.

Shoot the Star
The bull’s eye can be on you when trying to shoot out a star or other pattern from a paper target. To thwart your marksmanship, carnival rifles are designed to have less precision than other BB guns – with less air pressure (so many BBs can’t pierce the target) and sights that may been tampered with. Meanwhile, ammo may also be smaller than traditional BBs and in shorter supply than what’s needed to easily accomplish the task.

Tubs of Fun
The goal is to toss softballs into large, angled buckets, and have them stay inside. And there’s no problem doing that when the carny does a demonstration – or even gives a practice throw or two. Reason: There’s already a ball inside the tub to deaden the force of future throws so tosses stay inside the tub.

But once you hand over your money for the “real” game, the balls are removed and without one for deadening, your tosses bounce out – thanks, in large part, to midway mainstay “muck” buckets from the home improvement store whose hard plastic helps give your tosses extra bounce. Some especially unscrupulous carnies may even place springs beneath the tubs for even more bounciness.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

“Smishing” Self-Defense: How to Prevent Trouble that Comes in Text Messages


Photo credit: iStock/Natali_Mis

Each day, about 20 billion text messages are sent to two billion smartphone users worldwide. Most of these texts are opened within three minutes, and many within a few seconds.

The massive number of text messages and their rapid-fire response rate – by comparison, only one in four email messages are opened within 10 minutes of arrival – amounts to unbridled opportunity for fraudsters exploiting the du jour device for deception: the pocket-held computer that also happens to make phone calls which many of us carry or have nearby 24/7.

Called “smishing” (named after Short Messaging Service technology that sends text messages), it’s an attempt to trick you into revealing private information via SMS or text message. Angling for credit and debit card numbers, PINs, usernames and passwords, even Social Security numbers, smishing texts often purport to be from a government agency, your bank or other respected companies. Typical ploys allege a problem with your account; promise free gift cards; offer low-cost merchandise, mortgages and credit cards; and click-bait like customer satisfaction surveys that lure you to open imbedded links or attachments that can also harbor malware. Today, nearly half of clicks on malicious URLs are made from mobile devices – more than doubling the long-running rate of 20 percent, notes cyber security firm Proofpoint.

Although smishing has been around since last decade, it’s on the rise – and increasingly even more dangerous. Studies show that the rate of text spam specifically designed to defraud is seven times higher that of spam arriving by email. And with small screens and the inability to hover a mouse to preview a link, it’s harder to spot text-sent trouble. Your smishing self-defense:

  • Don’t reply to text messages from senders you don’t recognize. Even sending a “remove,” “stop” or “opt-out” response tells SMS senders that your mobile number is active, and ripe for more messages. Be especially wary of texts from a “5000” or other shortened number (versus a complete 10-digit phone number) indicating the message is actually an email sent to a phone.
  • Never reply to text messages asking you to “confirm” or provide personal or financial information. Legitimate companies don’t text requests for account numbers, log-in details, and other sensitive data. Government agencies don’t correspond by text (and are unlikely to even have your mobile phone number).
  • Slow down. Most people instinctively deal with text messages ASAP – and smishing scams work best when creating a false sense of urgency. Rather than calling back numbers provided in text messages (doing so is another tipoff of your working cell number), take a few minutes to verify the actual contact numbers of legitimate business that may need to contact you.
  • Forward suspicious text messages to short code 7726 (which spells “SPAM” on your keypad), which allows cell phone carriers to identify and block smishing messages.
  • Be stingy with your cell phone number. Don’t post it online, on social media, or provide it for contests, surveys, touted “deals” or “free trial”
  • If you haven’t already, install anti-malware software on your Android phone; some products also can block smishing texts. (Apple’s iPhones have built-in protection.) When you receive a bona fide notification of an upgrade to your phone’s software, install it immediately.
  • Keep tabs of your phone bill, looking for suspicious charges – even if you don’t respond to unknown texts.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

In general, you don’t want to reply to text messages from people you don’t know. That’s the best way to remain safe. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as a “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.

You should also exercise basic precautions when using your phone. Don’t click on links you get on your phone unless you know the person sending them. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn’t just for laptops and desktops. It also makes sense for your mobile phone. A VPN such as Norton WiFi Privacy is an advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile device and the Internet on the other end. Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they’re allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don’t even open it.



Source link

Don’t Be a Scam Mark When You Park

Don’t Be a Scam Mark When You Park


There are many routes to a ripoff, including several schemes that can occur when you park your car:

Fake fines. A longtime ruse, phony parking tickets have resurged in recent months. The “classic” con involves windshield-left violations that appear authentic. Thanks to inexpensive hand-held printers, scammers can produce on-the-spot thermal printouts that look like actual tickets produced by police-used machinery, either standalones or placed in brightly colored envelopes, purchased online, like those used by some law enforcement. Motorists who receive these phony tickets are usually directed to pay the fine at scammer-run websites that also appear authentic, where sensitive personal information including bank account details may be solicited. These websites could also harbor malware.

Joining these schemes is the latest ruse: Bogus emails received by residents in several states that falsely claim a newly issued or past-due parking or traffic violations. Usually spoofed to appear to come from a local police department or state DMV, this conning correspondence demands personal information, payment (often by credit card or prepaid debit card) and can include links or attachments that “direct unsuspecting users to a malicious download that may expose your computer to a virus,” warns the New York State Department of Motor Vehicles.

Before paying a parking ticket, verify its legitimacy by contacting the issuing agency – either calling or looking up its website yourself; don’t rely on what’s printed on tickets, and be suspicious of any website that doesn’t end in .gov or .org. Police don’t email citations (or news about them), so don’t risk malware by clicking on links or attachments.

Parking lot posers. It can cost a small fortune to park in the official lot of a stadium or other event venue, and that’s what helps those guys who eagerly direct you to a nearby lot to park at a fraction of the price. Some are legitimate, but others are there to collect your upfront payment, point you to a space, and then hit the road. Problem is you may not know the difference until after that ballgame or concert to find your vehicle gone. Reason: The parking lot poser took the money and ran – and the lot’s real owner called a towing company. If you don’t want to spring for “official” parking in designated venue-owned lots, ensure surrounding lots have signs of legitimacy – such as booths, uniformed attendants and real signs noting the name and phone number of the company versus “Park Here” painted on plywood.

Car rescue and repair ripoffs. Stranded in a parking lot? Before relying on the kindness of strangers, make sure a help-offering Good Samaritan isn’t angling for a quick payment to “fix” a problem he caused. Such malevolent mechanics typically wait in parking lots, looking for their top targets – women in their 70s and those whose vehicles have out-of-state license plates. After their prey parks, they disable vehicles by deflating tires or disconnecting wire or cables after popping the hood of older or unlocked vehicles…then offer help when their mark returns. Advice: Before accepting assistance, politely inform parking lot helpers that while you appreciate any assistance they can provide, you cannot pay for their services. The crooks will likely drive off, and if you’re not a member of AAA, realize that police can lend a hand, and many auto insurers and vehicle manufacturers (especially for newer models) offer emergency roadside assistance.

Home heists help. Parking lots at movie theaters and shopping malls can help burglars pull off a successful heist. How? After waiting until a car’s occupants go inside, they can break into cars specifically to get addresses from vehicle registrations and auto insurance cards. Knowing they at least a two-hour window of opportunity (at least for movie-goers), these crooks then drive off to burglarize the victims’ homes. Although this isn’t how most home burglaries occur, it does happen. To prevent potential problems, keep your address-revealing documents and GPS in a locked glove compartment, hidden under a seat or truck wheel well, or carry these items with you.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.



Source link

Pin It on Pinterest