AE Monthly

Article Archives Search

AE Articles


A New "Phishing" Expedition No One Should Believe - By Michael Stillman Email supposedly from the IRS invites the "phish" to apply for a tax refund. By Michael Stillman We have occasionally written about "phishing" expeditions, those ubiquitous emails we all get trying to con valuable information from us. From the legendary Nigerian scam, where an alleged wealthy former Nigerian official requested our bank account details so he could send us millions of dollars, to today's regular mailings supposedly from our banks, credit card companies, eBay, PayPal, Amazon and more, phishers look for valuable information. They want our bank account details, credit card numbers, passwords and the like. They attempt to sound like the real companies, so we will trust them with this data. Of course, if they were really these companies, they would already have this information, but no bother. If they can fool us into sending it, these frauds will be able to use it to steal from our accounts. Fortunately, most people are wise to their ways, though a few must still be fooled. Otherwise, why would they keep sending the stuff? Some of these phishing attempts are fairly convincing, others downright laughable. Many I receive, obviously from overseas locations where English is a second language, or a third or fourth or barely a language at all, are a joke. I am certain that if Citibank ever sends me an email, it will be written by someone who speaks English at least as well as an average second grader. That's a tip. They may farm out their telephone answering to India, but they don't have their emails written in Romania, at least not yet. However, this most recent attempt to hook me was ridiculous not for its bad grammar, but for the patent absurdity of what it offered, and what it expected in return. In this latest scam, the bait was a mere $63.80. Why would they offer so little when the "Nigerians" were offering millions of dollars? Probably they figured that by now I know no one is going to send me millions, but I might believe someone would give me $63.80. But, do you know who was supposedly offering me this money? The IRS! Can you imagine, the IRS offering to give me money, instead of taking it? I think the IRS offering to give me $63.80 is somewhat less likely than some Nigerian stranger offering to give me $10 million. This email obviously emanated from some foreign country where the natives know nothing about the IRS (America's Internal Revenue Service, or tax collectors for those of you who live in other lands). The language was a bit stilted. The email said that my refund was determined "after the last annual calculations of your fiscal activity." What does that mean, in English? My "fiscal activity?" I engage in about as much "fiscal activity" as I engage in physical activity. Not much. However, while eBay or Amazon would never send such a message, government-speak is frequently legalistic and incomprehensible. Bad English, as long as grammatically correct, therefore does not give away an email allegedly from the government as being fake. The offer of money was far more suspicious than the awkward language.
A New "Phishing" Expedition No One Should Believe - By Michael Stillman Fake IRS form asks for every pertinent piece of data that could be used to steal from its victim. The email then offered me a link to the form necessary to obtain my refund. You should never click such links in an email. Never. Violating this most sacred truth (though only after determining it was a link, not a download, and using a MAC computer, which is mostly virus-free), I clicked to see the form. As seen on this page (left), the form was a real IQ test. Anyone who ever fills out a form like this is either incredibly naive, stupid, uneducated, foolish, crazy, or all of these. Actually, I am all of the above, but still rational enough to see through this one. Here is what they wanted from me: social security number, name, address, birthday, credit card number, expiration date, CVV number (that three digit code on the back of your credit cards), and (this is a first) my pin number. None of these spoofs has ever had the nerve to ask for my pin before. So think about this one carefully. Of course we all know this didn't really come from the IRS, any more than that earlier email came from late Nigerian Dictator Sani Abacha's rich widow. But what if it did? If the email really did come from the IRS, would you want to send them your credit card digits and bank account pin number? I've never had my bank account emptied by a Nigerian, but it has happened many times with the IRS. No, this is one email where, even if I believed the source was legitimate, I would not want to send them my banking information. Fill out this form and heads you lose, tails you lose. Delete immediately.

A New "Phishing" Expedition No One Should Believe

- By Michael Stillman

Email supposedly from the IRS invites the "phish" to apply for a tax refund.

By Michael Stillman

We have occasionally written about "phishing" expeditions, those ubiquitous emails we all get trying to con valuable information from us. From the legendary Nigerian scam, where an alleged wealthy former Nigerian official requested our bank account details so he could send us millions of dollars, to today's regular mailings supposedly from our banks, credit card companies, eBay, PayPal, Amazon and more, phishers look for valuable information. They want our bank account details, credit card numbers, passwords and the like. They attempt to sound like the real companies, so we will trust them with this data. Of course, if they were really these companies, they would already have this information, but no bother. If they can fool us into sending it, these frauds will be able to use it to steal from our accounts. Fortunately, most people are wise to their ways, though a few must still be fooled. Otherwise, why would they keep sending the stuff?

Some of these phishing attempts are fairly convincing, others downright laughable. Many I receive, obviously from overseas locations where English is a second language, or a third or fourth or barely a language at all, are a joke. I am certain that if Citibank ever sends me an email, it will be written by someone who speaks English at least as well as an average second grader. That's a tip. They may farm out their telephone answering to India, but they don't have their emails written in Romania, at least not yet. However, this most recent attempt to hook me was ridiculous not for its bad grammar, but for the patent absurdity of what it offered, and what it expected in return.

In this latest scam, the bait was a mere $63.80. Why would they offer so little when the "Nigerians" were offering millions of dollars? Probably they figured that by now I know no one is going to send me millions, but I might believe someone would give me $63.80. But, do you know who was supposedly offering me this money? The IRS! Can you imagine, the IRS offering to give me money, instead of taking it? I think the IRS offering to give me $63.80 is somewhat less likely than some Nigerian stranger offering to give me $10 million. This email obviously emanated from some foreign country where the natives know nothing about the IRS (America's Internal Revenue Service, or tax collectors for those of you who live in other lands).

The language was a bit stilted. The email said that my refund was determined "after the last annual calculations of your fiscal activity." What does that mean, in English? My "fiscal activity?" I engage in about as much "fiscal activity" as I engage in physical activity. Not much. However, while eBay or Amazon would never send such a message, government-speak is frequently legalistic and incomprehensible. Bad English, as long as grammatically correct, therefore does not give away an email allegedly from the government as being fake. The offer of money was far more suspicious than the awkward language.

A New "Phishing" Expedition No One Should Believe

- By Michael Stillman

Fake IRS form asks for every pertinent piece of data that could be used to steal from its victim.

The email then offered me a link to the form necessary to obtain my refund. You should never click such links in an email. Never. Violating this most sacred truth (though only after determining it was a link, not a download, and using a MAC computer, which is mostly virus-free), I clicked to see the form. As seen on this page (left), the form was a real IQ test. Anyone who ever fills out a form like this is either incredibly naive, stupid, uneducated, foolish, crazy, or all of these. Actually, I am all of the above, but still rational enough to see through this one. Here is what they wanted from me: social security number, name, address, birthday, credit card number, expiration date, CVV number (that three digit code on the back of your credit cards), and (this is a first) my pin number. None of these spoofs has ever had the nerve to ask for my pin before.

So think about this one carefully. Of course we all know this didn't really come from the IRS, any more than that earlier email came from late Nigerian Dictator Sani Abacha's rich widow. But what if it did? If the email really did come from the IRS, would you want to send them your credit card digits and bank account pin number? I've never had my bank account emptied by a Nigerian, but it has happened many times with the IRS. No, this is one email where, even if I believed the source was legitimate, I would not want to send them my banking information. Fill out this form and heads you lose, tails you lose. Delete immediately.