.NExT Web Security - Fighting 419 (Nigerian Advanced Fee Fraud) and other internet scams. Providing International Law Enforcement, investigators and anti-scam specialists with effective tools to combat internet crime.
Serving International Law Enforcement, Investigators and Anti-scam Specialists
Countries visiting Next Web Security - 419 Nigerian Advanced Fee Fraud

Current Scams & Frauds

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s
Fake Invoice Scams
College Students Being Targeted in Phone Scam
Business E-Mail Compromise
Nigerian Purchase Order Scams
Jury Duty Scam
Cyber Criminals Using Fake Government E-mail to Perpetrate Scam
FBI warns doctors of 'virtual kidnap' schemes
DEA Warns Public of Extortion Scam by DEA Special Agent Impersonators
IRS Warns of Pervasive Telephone Scam
Attorney / Collection Check Scam
CHECK WRITER SCAM

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s

WASHINGTON -- The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme -- part of the surge in phishing emails seen this year -- already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

"This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments," said IRS Commissioner John Koskinen. "If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees."

IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a "spoofing" email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the "CEO" sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The following are some of the details contained in the e-mails:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.

  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).

  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

The IRS recently renewed a wider consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community.

The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

The IRS, state tax agencies and tax industry are engaged in a public awareness campaign - Taxes. Security. Together. - to encourage everyone to do more to protect personal, financial and tax data. See IRS.gov/taxessecuritytogether or Publication 4524 for additional steps you can take to protect yourself.


Return to Alerts menu

Fake Invoice Scams

Fake invoice fraud occurs when fraudsters submit an invoice, or other request for payment that is not genuine in the hopes that your business will pay it.

It is hard to quantify how much is being lost to this type of fraud, however the reports that are available suggest it is a growing problem and there are frequently large losses. The FBI's Internet Crime Complaint Center (or IC3) issued a report saying that from Oct. 1, 2013 through Dec. 1, 2014, it received complaints about this scam from every U.S. state and 45 other countries, totalling 1,198 American victims who lost a combined $179,800,000, and 928 non-Americans who lost a combination of non-U.S. currencies worth $35,220,000 - worldwide losses across 46 nations totalling $215 million in 14 months.1

Meanwhile, in the UK, CIFAS have warned that reports of fake invoice scams targeting businesses have rocketed with 749 businesses reporting falling victim to this type of scam to Action Fraud between January and June 2015 alone. In comparison there were 603 in the whole of 2014 and 739 in 2013.2

Invoice fraud can be committed with varying levels of sophistication, in its simplest form the fraudster simply submits an invoice to your business and hopes you will pay it. As the invoice is unlikely to bear any relation to your actual suppliers or your purchases this should be relatively easy to spot.

At a more sophisticated level fraudsters use various techniques to obtain information about your company and your suppliers so that they can submit demands for payment that are more credible. Cybercrime techniques deploying hacking and phishing can be used to either directly access information or give the fraudsters the appearance of being part of your company. For example they might send an email that looks like it's come from one of your employees that either requests payment or requests information that makes their fraud more believable.

Another tactic that may be deployed involves social engineering. Fraudsters may contact your staff in order to obtain further information or to push the case for payment. They know the times when you're likely to be busy or less alert, for example, Friday afternoons are a busy time for companies involved in property sales, so that's when they're likely to ring. For other businesses they understand that you may have a reduced number of staff or less experienced, temporary staff during the summer months.

The additional information gleaned through these methods means that the fraudsters can submit more convincing invoices that look like they come from your genuine suppliers and are for products or services you actually purchase. Another technique this level of knowledge allows them to deploy is to submit a request for change of bank account details. With letterhead that looks convincing like that of your genuine suppliers they will write to tell you that you need to update your records with their new bank account details. Of course the new details are those of a fraudster and when you think you are paying your genuine supplier the money will unfortunately end up with the scammers.

Invoice fraud has become a sophisticated enterprise that can have more than one stage and present in different forms that are not always easy to spot.


Return to Alerts menu

FBI Warns of College Students Being Targeted in Phone Scam

The FBI is warning consumers to be on alert for a phone scam that primarily targets college students while displaying the FBI's telephone number on the recipient's caller ID.

The FBI has received multiple calls from college students at various universities complaining of a phone scam involving someone claiming to represent the U.S. government or even claiming to be FBI agents. In those cases, the caller advised the students of delinquent student loans or dues, delinquent taxes, or even overdue parking tickets. On occasion, the caller even threatens the students with arrest and not graduating from school if these fees were not immediately satisfied via MoneyGram.

During each attempt to gain personally identifiable information from the students, the caller claims to have specific student information. In addition, the originating telephone number used by the scammer is displayed or "spoofed" as that of the telephone number of an FBI field office.

The public is reminded that the FBI does not call private citizens requesting money and to never give out unsolicited requests for personal information to callers that you don't know.

Individuals receiving such calls can file a complaint through the FBI's Internet Crime Complaint Center at www.IC3.gov.


Return to Alerts menu

Business E-Mail Compromise

An Emerging Global Threat

The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details.

"It was not unusual for me to receive e-mails requesting a transfer of funds," the accountant later wrote, and when she was contacted by the lawyer via e-mail, she noted the appropriate letter of authorization - including her CEO's signature over the company's seal-and followed the instructions to wire more than $737,000 to a bank in China.

The next day, when the CEO happened to call regarding another matter, the accountant mentioned that she had completed the wire transfer the day before. The CEO said he had never sent the e-mail and knew nothing about the alleged acquisition.

The company was the victim of a business e-mail compromise (BEC), a growing financial fraud that is more sophisticated than any similar scam the FBI has seen before and one - in its various forms - that has resulted in actual and attempted losses of more than a billion dollars to businesses worldwide.

"BEC is a serious threat on a global scale," said FBI Special Agent Maxwell Marker, who oversees the Bureau's Transnational Organized Crime - Eastern Hemisphere Section in the Criminal Investigative Division. "It's a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering."

Since the FBI's Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized - with total dollar losses exceeding $740 million. That doesn't include victims outside the U.S. and unreported losses.

The scammers, believed to be members of organized crime groups from Africa, Eastern Europe, and the Middle East, primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments. The scam succeeds by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques. Businesses of all sizes are targeted, and the fraud is proliferating.

According to IC3, since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad. The majority of the fraudulent transfers end up in Chinese banks.

Not long ago, e-mail scams were fairly easy to spot. The Nigerian lottery and other fraud attempts that arrived in personal and business e-mail inboxes were transparent in their amateurism. Now, the scammers' methods are extremely sophisticated.

"They know how to perpetuate the scam without raising suspicions," Marker said. "They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these e-mails having horrible grammar and being easily identified are largely behind us."

To make matters worse, the criminals often employ malware to infiltrate company networks, gaining access to legitimate e-mail threads about billing and invoices they can use to ensure the suspicions of an accountant or financial officer aren't raised when a fraudulent wire transfer is requested.

How to Avoid Becoming a Victim of a BEC Scam

In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about trusted suppliers requesting wire transfers that ended up in banks overseas-and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant.

"For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000," said Ellen Oliveto, an FBI analyst assigned to the center. "The average loss to BEC victims is $130,000." IC3 offers the following tips to businesses to avoid being victimized by the scam (a more detailed list of strategies is available at www.ic3.gov):

  • Verify changes in vendor payment location and confirm requests for transfer of funds.
  • Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
  • Be careful when posting financial and personnel information to social media and company websites.
  • Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider financial security procedures that include a two-step verification process for wire transfer payments.
  • Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
  • If possible, register all Internet domains that are slightly different than the actual company domain.
  • Know the habits of your customers, including the reason, detail and amount of payments. Beware of any significant changes.

Instead of making a payment to a trusted supplier, the scammers direct payment to their own accounts. Sometimes they succeed at this by switching a trusted bank account number by a single digit. "The criminals have become experts at imitating invoices and accounts," Marker said. "And when a wire transfer happens," he added, "the window of time to identify the fraud and recover the funds before they are moved out of reach is extremely short."

In the case mentioned above-reported to the IC3 in June-after the accountant spoke to her CEO on the phone, she immediately reviewed the e-mail thread. "I noticed the first e-mail I received from the CEO was missing one letter; instead of .com, it read .co." On closer inspection, the attachment provided by the "lawyer" revealed that the CEO's signature was forged and the company seal appeared to be cut and pasted from the company's public website. Further assisting the perpetrators, the website also listed the company's executive officers and their e-mail addresses and identified specific global media events the CEO would attend during the calendar year.

The FBI's Criminal, Cyber, and International Operations Divisions are coordinating efforts to identify and dismantle BEC criminal groups. "We are applying all our investigative techniques to the threat," Marker said, "including forensic accounting, human source and undercover operations, and cyber aspects such as tracking IP addresses and analyzing the malware used to carry out network intrusions. We are working with our foreign partners as well, who are seeing the same issues." He stressed that companies should make themselves aware of the BEC threat and take measures to avoid becoming victims (see sidebar).

If your company has been victimized by a BEC scam, it is important to act quickly. Contact your financial institution immediately and request that they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI, and also file a complaint-regardless of dollar loss-with the IC3.

"The FBI takes the BEC threat very seriously," Marker said, "and we are working with our law enforcement partners around the world to identify these criminals and bring them to justice."


Return to Alerts menu

Nigerian Purchase Order Scams

Overview: The Nigerian Purchase Order Scams Targeting U.S. Companies & Universities involve fraudulent purchase orders using Internet domain names/email accounts similar to those of an established business or university.

For example, if the legitimate domain is www.umich.edu, the fraudulent one might be www.umichedu.com with an associated fraudulent email address. The vendor believes the purchase order came from the legitimate entity and ships the order to the fraudulent address listed on the purchase order. The address is actually the address for a U.S. based re-shipper who receives the products and re-ships them to Nigeria.

Typically, the orders are already shipped before the fraud is discovered. At least 79 universities/companies have been impersonated in the fraudulent purchase orders and 250 victim companies have been targeted by scammers in 360 actual/attempted incidents.

Related cases are open in several FBI field offices and there have been approximately $10.4 million in actual/attempted losses, $4.4 million in total estimated losses before recovery, and an estimated $930,000 has been recovered.


Return to Alerts menu

District Clerk Daniel and FBI warn of jury service scam plaguing Harris County, U.S.

HOUSTON (Oct. 11) - Harris County District Clerk Chris Daniel and the FBI in Houston urged southeast Texas residents not to be duped by con men who pose as police officers and demand that callers pay fines for purportedly missing jury service.

A local resident was recently duped out of $250 by such a phone scam. The scam died down after it started occurring late last year, but it has recently resurfaced in Houston and dozens of others states, prompting Daniel and the FBI to warn the public.

Harris County District Clerk Chris Daniel said he requested the FBI's help in investigating the crimes because "these criminals are giving jury service a black eye. Innocent, hard-working people have been tricked into giving these con artists money. They need to be behind bars."

FBI Special Agent in Charge Perrye K. Turner, head of the FBI's Houston office, said one of the best ways to curb the scam is to inform the public not to fall prey to it.

"We've seen variations of this scam hit unsuspecting residents across the country," Special Agent Turner said. "These scammers are using fear and intimidation to pressure victims into paying them money, and they often move from state to state very quickly to avoid detection. Educating yourself on the latest scams is the best defense, and remember - law enforcement authorities will never demand you pay a fine by phone."

People should report scammers' calls to the District Clerk's jury service operation at 713-755-6392 and to your local police or the FBI. Tips to the FBI also may be submitted online at https://tips.fbi.gov. All tipsters may remain anonymous.

Daniel said he contacted the FBI after learning that similar scams were occurring recently in dozens of states, including California, Oregon, Washington, Idaho, Nevada, Michigan, Florida, Georgia and South Carolina.

In many instances, the scam artist says he is a local police officer and often gives the name of a real local police officer and a badge number.

Daniel said the District Clerk's Office never contacts people by phone to say that they have not appeared for jury service, never asks people to pay fines and never asks people to give debit account information, personal identification information or other sensitive information on the phone.

"If you receive such calls, do not give these con men any money or debit card information," Daniel said.

A northwest Houston man informed the DCO that he was recently duped out of $250 by a caller who said he was a law enforcement officer seeking to collect a fine that the man owed for missing jury service. The caller threatened to send two officers to arrest him if he didn't pay the fine.

The northwest Houston man said he was frightened so he carried out the caller's instructions: He went to a Walgreens and put $250 on a prepaid debit card. The caller stayed on the phone with the Houston man for an hour while he traveled to the store and went in. The caller hung up only after the man read the debit card number over the phone.

The northwest Houston man said the caller knew his address and did a good job of scaring him.

Earlier this year, a Galleria-area woman informed the DCO that she was tricked out of $350 during a similar scam. The woman said she came home one day to find several messages on her answering machine from a man who said he was Capt. Terry Griffin from 1200 Baker St. - the real address of the Harris County Sheriff's Office.

"Capt. Griffin" told her she had failed to report for jury service and that she should appear before state District Judge Randy Wilson - a real judge - at 1201 Franklin St. - the real address of the Harris County Criminal Justice Center.

"Capt. Griffin" told her that she would be arrested if she didn't pay the fine. He told her the fine was $350 and that he would accept a green dot prepaid debit card.

The caller stayed on the phone with her, and she put $350 on the card and gave him the number on the back. He even called her back later and said she owed more money, but she was not tricked a second time.

The jury service scam is occurring all over the U.S. In Georgia earlier this month, Ivan Cain Hamilton, 28, was charged with duping numerous victims out of at least $10,000 by posing as an officer trying to collect fines for missing jury service. Where do authorities say Hamilton ran his scheme from? From behind bars at a Georgia state prison.

An Arizona woman in her 80s was tricked out of $6,500 recently by a jury service scam, the Sierra, Ariz., Herald reported last week.

Daniel said, "These con men need to be caught, but they are difficult to catch because they often use disposable phones."

SOURCE - FBI Houston office      


Return to Alerts menu

Cyber Criminals Using Fake Government E-mail to Perpetrate Scam

Cyber criminals posing as Internet Crime Complaint Center (IC3) employees are defrauding the public. The IC3 has received complaints from victims who were receiving e-mails purported to be from the IC3. This advisory informs readers how the scheme works, offers measures to help mitigate the threat, and advises how to report incidents to law enforcement.

Victims report that the unsolicited e-mail sender is a representative of the IC3. The e-mails state that a criminal report was filed on the victim?s name and social security number and legal papers are pending. Scammers impersonate an IC3 employee to increase credibility and use threats of legal action to create a sense of urgency. Victims are informed they have one to two days from the date of the complaint to contact the scammers. Failure to respond to the e-mail will result in an arrest warrant issued to the victim.

Some victims stated they were provided further details regarding the 'criminal charges' to include violations of federal banking regulations, collateral check fraud, and theft deception. Other victims claimed that their address was correct but their social security number was incorrect. Victims that requested additional information from the scammer were instructed to obtain prepaid money cards to avoid legal action. Victims have reported this scam in multiple states.

If you receive this type of e-mail:

- Resist the pressure to act quickly.
- Never wire money based on a telephone request or in an e-mail, especially to an overseas location.

The IC3 never charges the public for filing a complaint and will never threaten to have them arrested if they do not respond to an e-mail. Individuals who have fallen victim to this type of scam are encouraged to file a complaint with the IC3 at http://www.ic3.gov.


Return to Alerts menu

FBI warns doctors of 'virtual kidnap' schemes

San Antonio FBI seeks to warn the public regarding the rise in "virtual kidnapping" extortion schemes and the recent targeting of physicians in South Texas. Over the past several years, San Antonio FBI, along with many state and local law enforcement partners, received reports from the public regarding extortion schemes, often referred to as "virtual kidnappings." These schemes typically involve an individual or criminal organization who contacts a victim via telephone and demands payment for the return of a "kidnapped" family member or friend. While no actual kidnapping has taken place, the callers often use co-conspirators to convince their victims of the legitimacy of the threat. For example, a caller might attempt to convince a victim that his daughter was kidnapped by having a young female scream for help in the background during the call.

Callers, sometimes representing themselves as members of a drug cartel or corrupt law enforcement, will typically provide the victim with specific instructions to ensure safe "return" of the allegedly kidnapped individual. These instructions usually involve demands of a ransom payment. Most schemes use various techniques to instill a sense of fear, panic, and urgency in an effort to rush the victim into making a very hasty decision. Instructions usually require the ransom payment be made immediately and typically by wire transfer. These schemes involve varying amounts of ransom demands, which often decrease at the first indication of resistance.

Callers will often go to great lengths to engage victims in ongoing conversations to prevent them from verifying the status and location of the "kidnapped" individuals. Callers will often make their victims believe they are being watched and were personally targeted. In reality, many of these callers are outside of the United States, simply making hundreds of calls, possibly using phone directories or other phone lists.

While the reported number of "virtual kidnapping" extortion schemes appears to be increasing, a recent trend indicates perpetrators of these schemes may be targeting physicians to include dentists, general practitioners, and various specialists in South Texas. This year, during the months of June and July, the FBI received multiple reports indicating physicians in McAllen, Laredo, Brownsville, and Del Rio, Texas, were contacted in attempts to collect extortion payments in "virtual kidnapping" schemes.

Due to the rising prevalence of these types of incidents, coupled with the increased victimization of members of the medical community in the Rio Grande Valley and South Texas, the FBI is attempting to raise awareness through liaison efforts with the health care industry and the public at large.

To avoid becoming a victim of this extortion scheme, look for the following possible indicators:

  • Incoming calls made from an outside area code
  • Multiple successive phone calls
  • Calls do not come from the kidnapped victim's phone
  • Callers go to great lengths to keep you on the phone
  • Callers prevent you from calling or locating the "kidnapped" victim
  • Ransom money is only accepted via wire transfer service
If you receive a phone call from someone who demands payment of a ransom for a kidnapped victim, the following should be considered:
  • Stay calm
  • Slow the situation down
  • Avoid sharing information about you or your family during the call
  • Listen carefully to the voice of the kidnapped victim
  • Attempt to call or determine the location of the "kidnapped" victim
  • Request to speak to the victim
  • Ask questions only the victim would know
  • Request the kidnapped victim call back from his/her cell phone
If you have any question about whether the call is an extortion scheme or a legitimate kidnapping, contact your nearest FBI office immediately. Anyone with information about these fraud schemes is also encouraged to contact the nearest FBI office:

San Antonio FBI
San Antonio (24 Hour): (210) 225-6741
Brownsville: (956) 546-6922
Del Rio: (830) 775-0076
Laredo: (956) 723-4021
McAllen: (956) 984-6300
Austin: (512) 345-1111
Waco: (254) 772-1627

San Antonio FBI is committed to working with our state and local law enforcement officers to increase public awareness regarding the threat posed by virtual kidnappings, and will continue to investigate and refer these types of cases for prosecution.

Tips can also be submitted online at https://tips.fbi.gov. All tipsters may remain anonymous.

More here: Virtual Kidnapping


Return to Alerts menu

DEA Warns Public of Extortion Scam by DEA Special Agent Impersonators

The Drug Enforcement Administration is warning the public about criminals posing as DEA special agents or other law enforcement personnel as part of an international extortion scheme.

The criminals call the victims (who in most cases previously purchased drugs over the internet or by telephone) and identify themselves as DEA agents or law enforcement officials from other agencies. The impersonators inform their victims that purchasing drugs over the internet or by telephone is illegal, and that enforcement action will be taken against them unless they pay a fine. In most cases, the impersonators instruct their victims to pay the "fine" via wire transfer to a designated location, usually overseas. If victims refuse to send money, the impersonators often threaten to arrest them or search their property. Some victims who purchased their drugs using a credit card also reported fraudulent use of their credit cards.

Impersonating a federal agent is a violation of federal law. The public should be aware that no DEA agent will ever contact members of the public by telephone to demand money or any other form of payment.

The DEA reminds the public to use caution when purchasing controlled substance pharmaceuticals by telephone or through the Internet. It is illegal to purchase controlled substance pharmaceuticals online or by telephone unless very stringent requirements are met. And, all pharmacies that dispense controlled substance pharmaceuticals by means of the internet must be registered with DEA. By ordering any pharmaceutical medications online or by telephone from unknown entities, members of the public risk receiving unsafe, counterfeit, and/or ineffective drugs from criminals who operate outside the law. In addition, personal and financial information could be compromised.

Anyone receiving a telephone call from a person purporting to be a DEA special agent or other law enforcement official seeking money should refuse the demand and report the threat using the online form below. Please include all fields, including, most importantly, a call back number so that a DEA investigator can contact you for additional information. Online reporting will greatly assist DEA in investigating and stopping this criminal activity.

Report Here


Return to Alerts menu

IRS Warns of Pervasive Telephone Scam

Versión en español

IRS YouTube Video: 
Tax Scams: English | ASL

IR-2013-84, Oct. 31, 2013

WASHINGTON - The Internal Revenue Service today warned consumers about a sophisticated phone scam targeting taxpayers, including recent immigrants, throughout the country.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver's license. In many cases, the caller becomes hostile and insulting.

"This scam has hit taxpayers in nearly every state in the country.  We want to educate taxpayers so they can help protect themselves.  Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer," says IRS Acting Commissioner Danny Werfel. "If someone unexpectedly calls claiming to be from the IRS and threatens police arrest, deportation or license revocation if you don't pay immediately, that is a sign that it really isn't the IRS calling." Werfel noted that the first IRS contact with taxpayers on a tax issue is likely to occur via mail

Other characteristics of this scam include:

  • Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
  • Scammers may be able to recite the last four digits of a victim's Social Security Number.
  • Scammers spoof the IRS toll-free number on caller ID to make it appear that it's the IRS calling.
  • Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
  • Victims hear background noise of other calls being conducted to mimic a call site.
  • After threatening victims with jail time or driver's license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.

If you get a phone call from someone claiming to be from the IRS, here's what you should do:

  • If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue - if there really is such an issue.
  • If you know you don't owe taxes or have no reason to think that you owe any taxes (for example, you've never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
  • You can file a complaint using the FTC Complaint Assistant; choose "Other" and then "Imposter Scams." If the complaint involves someone impersonating the IRS, include the words "IRS Telephone Scam" in the notes.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.

The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information.  This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the e-mail to phishing@irs.gov.

More information on how to report phishing scams involving the IRS is available on the genuine IRS website, IRS.gov.

You can reblog the IRS tax scam alert via Tumblr.

Related Item: IRS Warns of New Email Phishing Scheme Falsely Claiming to be from the Taxpayer Advocate Service

Return to Alerts menu

 

Attorney / Collection Check Scam Notice

Current Scenario

A supposed indebtedness for goods or services, loans, "purchase" of real estate, breach of contract or mergers & acquisitions (latest).

Previous Scenario

Involves an out-of-country client (Korea or Japan) who supposedly has obtained a divorce and her ex-husband has not paid the settlement. Somehow the ex-husband finds out that she has contacted you and you will receive an email to that effect as well as a counterfeit Cashiers check via FedEx or regular stamped mail from Toronto, upstate NY or NJ.

The article below was written at the request of the DOJ and describes this scam in sufficient detail as well as what happens when a firm deposits the check into their trust account. Your details may vary slightly, however the fraud remains exactly the same.

If you have initiated a wire transfer, it is imperative that you stop this transfer immediately if you have not already done so. The bank will hold your firm liable for the entire amount once the counterfeit has been discovered.

It is strongly recommended that you cease communications with these individuals and certainly do not advise them that you have been warned or inform them of any actions taken by you, your bank or law enforcement. Surprisingly, a few targeted firms have forwarded warnings to the suspects, an action which could easily be construed as obstruction of justice.

If you have received hardcopy materials from the suspects, we ask that you assist in the investigation by contacting your local FBI office.

While one conviction has been accomplished (see http://www.fbi.gov/philadelphia/press-releases/2013/nigerian-national-sentenced-to-100-months-for-involvement-in-scheme-to-defraud-lawyers-of-millions), this is an active case as 'copycat' groups are still in operation. Retain all materials they have sent you, both hardcopy and electronic for a minimum period of 90 days. As you have not lost money, you may or may not be contacted by federal law enforcement. Firms with losses take priority.

Attorney / Collection Scam - Understanding the crime

It has been dubbed the "Attorney/Collection" scam and has extracted millions of dollars from law firms in the US & Canada. While started by one Nigerian criminal group in Toronto, there are now 3 additional "copycat" groups participating due to the success of the first group. These additional groups are operating out of the Toronto area and the UK. The law firms are contacted first via email explaining that they wish to engage the law firm's services for collection of overdue accounts, most being larger than $420,000 each. Alternately, the firm receives a "referral" from another firm.

Once communications begin, the "debtor" somehow finds out about legal action being taken, contacts the law firm to tell them they will pay. The firm receives a counterfeit cashiers check via UPS or FedEx, most often but not always drawn on CitiBank. To date, over $500,000,000 in counterfeit Citibank cashiers checks have been sent to attorneys.

The check is deposited in the law firm's trust account. Within a few days, when the bank provides the firm with a provisional loan for the value of the check and the firm mistakenly believes that the CFT has actually been made good, the law firm wires the "due" amount to the scammer's "company" which in reality is a money laundering account somewhere in Asia, where literally hundreds of accounts are set up for this purpose. Once the bank finally discovers the check is counterfeit, it holds the law firm responsible for the entire amount.

The Nashville Post confirmed that Bradley Arant Boult Cummings recently fell victim to the scheme, wiring in excess of $400,000 to the scammers' bank account, even after performing what turned out to be faulty diligence on their part and contacting a supposed "third party" to verify the funds. Reports of a "quick arrest" by the FBI have been confirmed to be false.


Return to Alerts menu

419 Alerts

CHECK WRITER SCAM !

Scammers are "hiring" people to write, sign, and mail checks.
YOU ARE LAUNDERING DIRTY MONEY IF YOU DO THIS.
The bank accounts contain stolen money and/or drug money!
Contact Next Web Security or Fraud Aid IMMEDIATELY if you
or someone you know is in this situation ...
To contact us now, Click Here!



Protect your PC with
NWS Recommended Tools

Please visit our sponsors


Please visit our sponsors