IRS ‘Dirty Dozen’ Tax Scams for 2012 Puts Identity Theft and Phishing as Top Issues

Posted: April 16, 2012

A wide range of online scams surface on the Web, and scammers are becoming more creative as time passes, but, according to the IRS 'Dirty Dozen' ranking of tax scams for 2012, the most prevalent schemes are phishing and identity theft. While phishing (attempts to steal and exploit personal information via social engineering techniques that convince you to give up your information freely) and online identity theft attacks have a history that's not much shorter than that of the computer industry that they exploit, recent urgency has been placed on protecting victims from these forms of attacks, which were listed in the US Internal Revenue Service's 'Dirty Dozen' list of 2012 scams. Both phishing and identity theft attacks tend to use sophisticated social engineering techniques to acquire security information that allows the criminals responsible to hijack bank accounts and other lucrative targets. SpywareRemove.com malware researchers also note that these attacks are often linked to PC threats and malicious software whose attacks lack explicit or highly visible symptoms, some of which may be installed onto your computer automatically if you're exposed to compromised or dangerous online content. These identity theft and phishing attacks can be considered some of the most numerous and potentially damaging threats to your PC and your wallet. It's encouraged that you have both appropriate security software and a set of good online safety practices to prevent your computer from being the next target.

Why the IRS Wants You to Be Aware of Common Tax Scams

Although putting a stop to both phishing and identity theft can rightfully be said to be everyone's responsibility, the IRS has taken an especial interest in these criminal industries, given that many attacks make use of fraudulent IRS e-mail messages and similar efforts to steal tax and identity-related information. Empty promises of tax returns, refunds or failed tax-processing claims are all rampant as excuses that are in use by phishing e-mail messages, many of which distribute hostile software or redirect victims to phishing websites. Even though the IRS has already put a stop to over a billion dollars in fraudulent tax returns just last year, statistics are indicative of the problem only increasing as of 2012.

As the silver lining to this gloomy forecast, SpywareRemove.com malware researchers are glad to note that the IRS is also developing new tools of its own to identify and deal with identity theft as a result of phishing attacks and other forms of fraud. Taxpayers with confirmed-to-be-stolen identities are now issued special personal identification numbers for security purposes, and expectations are that well over two hundred thousand victims will enjoy this security feature for filing this year.

Different Types of Phishing and Identity Theft Campaigns

Phishing and identity theft can take a vast array of forms, and even online, are limited primarily by the range of plausible premises and the coding skill of the criminal. Spyware-based types of malicious software that enable these attacks, such as Trojan.Win32.Ramnit.C, Trojan-Spy.Win32.Zbot.bfur, Keylogger Zeus, Trojan-Spy.Win32.Dibik.fnz and Backdoor.Win32.Poison.ajag, may launch automatically, run in the background, inject their code into unrelated processes (such as Internet Explorer's process, iexplore.exe), monitor browser-based information input or quietly redirect your browser to copycat phishing sites that specialize in information theft. In extreme cases, SpywareRemove.com malware researchers have even observed spyware that can display fake website authentication and SSL encryption notices to create a false appearance of security on copycat websites that are designed to appear identical to account login pages for banks.

Difficulty in detecting these types of hostile programs manually causes SpywareRemove.com malware researchers to recommend strongly that you use anti-malware software both to detect such PC threats and to thwart them proactively before they can be installed at all. Many types of PC threats, such as backdoor trojans, don't use phishing or identity theft-related attacks as a part of their default arsenal, but accommodate reconfiguration to add these attacks without much trouble on the part of the hacker that's in control. Keylogging-capable variants of spyware are able to steal total keyboard input, and may extend that theft to webcam input or your screen display.

While the above attacks sometimes use PC threats that are installed to your computer, other methods that SpywareRemove.com malware experts have inspected don't require the presence of hostile software on the target PC. Another common means of enabling phishing and identity theft is mass-distributed fraudulent e-mail messages, which can use a number of false identities, including the IRS, various tax-processing companies or even gaming companies (such as Blizzard, developer of the popular World of Warcraft MMORPG, whose users have been victimized by multiple waves of phishing attacks). E-mail-based phishing attacks will always use fraudulent premises, such as a fake tax return notice or fake airline ticket status update, to lure you into downloading an attached file or clicking an embedded link. Hence, these attacks can be avoided by simply having the common sense to verify the identity of an e-mail correspondent before taking either of these potentially risky actions. It's also noteworthy that many of the entities that are impersonated by such spam e-mail messages, including the IRS, explicitly refrain from communicating by e-mail and will never ask you to download a file or open a link.

Social networks are another source of exposure to potential phishing attacks, as in the case of such PC threats as 'VIDEO SHOCK – Hurricane Irene New York kills All' messages. Facebook is a particularly common target of these attacks, which will often use compromised accounts so that the link appears to have been sent by a friend. Even the ever-terse Twitter website has been targeted by phishing attacks such as the 'I saw a real bad blog about you' scam.

However, SpywareRemove.com malware researchers, like many others, have also borne witness to other sources of identity theft that can rely on mistakes made in company website security, as exemplified in recent attacks that have harvested identity information from beloved specialist companies such as Valve all the way up to the global behemoth Sony. In these cases, it's encouraged for you to stay aware of security-related news from companies that you give your personal information to, so that you can change your passwords and take other self-preservative actions immediately after any reported attacks against the databases that store your information.

Phishing sites that steal passwords and other information are often designed to look identical to normal account login pages, although their web addresses may have slight differences from the legitimate website. URLs that are displayed in e-mail links shouldn't be trusted on sight, since these links can be altered to redirect you to a URL other than the one that's being shown. Not all harmful websites that attempt to steal information will wait for you to give it to them – browser exploits, particularly those that use JavaScript or Adobe programs, are common means of installing spyware that can steal information from your PC even if you avoid any interaction with the website. Once again, appropriate security and anti-malware software is pivotal to avoiding these attacks, in addition to having an updated browser with its vulnerabilities patched to a minimum.

How to Avoid Scams and Prevent Identity Theft

Helpful defensive tactics for avoiding tax frauds, phishing attacks against your financial information and similar PC threats include:

  • Avoid trusting suspicious e-mail offers from tax-processing companies and related entities. In particular, you can automatically discount any e-mail that claims to be from the IRS, which doesn't use e-mail-based communication in the first place.
  • Don't click links or open file attachments from questionable sources, because they may lead to malware. Such sources include compromised Facebook accounts, fraudulent e-mail messages and instant messenger-based bots. Common types of fake e-mail include fake airline ticket status updates and fake tax return notices – often accompanied by a promise of great savings or a sudden financial penalty. This is a common method of infiltration by spyware, browser hijackers and other forms of malicious programs that can enable attacks on your tax data and other personal information. To make money quickly, phishers often use phishing emails to peddle fake antispyware programs such as Smart HDD, Smart Fortress 2012, Windows Foolproof Protector and PC Clean Pro. Rogue antispyware or fake antivirus programs pretend to be security applications in order to extort money from unsuspecting computer users. Rogue antispyware programs simulate system scans and display fake security alerts in order to convince PC users to purchase the fake software to clean their computer.
  • Keep anti-malware software on your PC up-to-date so that it can detect and deal with phishing-enabling PC threats, such as spyware and browser hijackers, before they can be installed (or as soon as possible after their installation, in the worst case scenario).
  • Keep your browser and script packages updated to minimize the presence of vulnerabilities. Browser or script vulnerabilities can be exploited to install PC threats that may redirect you to phishing sites or try to steal your identity.
  • Stay abreast of security news from the IRS and other companies that have access to your private information. You can respond to news of compromised databases and similar attacks by immediately changing your passwords and other security information as a ward against attempted identity or account attacks.
  • Be aware of the normal URL or web address for security-related sites that you visit. Copycat phishing sites will always contain URL discrepancies from the sites that they're imitating.
  • Don't assume that a link leads to the web address that it claims to lead to – always verify the destination (by right-clicking the link and inspecting the element or copying the embedded address to a text field) before you left-click.
  • Always inspect the history of an accountant or other tax professional before you pay for their services, especially online – many common scams collect fees for nonexistent tax services, only to claim later that the IRS ultimately rejected their claim.