So my wife asked me the other day, “Why are we getting this?” She was referring to an email we received that said, “Your Federal Tax Payment ID: 9387589 is failed.” I could see she was a little concerned and wanted to resolve it right away. And that’s exactly what they want. That’s how they get ya! Get an unsuspecting but otherwise conscientious person, who has their stuff together, to respond quickly without questioning or verifying things. They just want to address it and get it resolved. Normally that’s a good thing.
Poor grammar notwithstanding, I knew without even reading the body of the email that it was a hoax – a scam. How? For starters, I don’t owe Uncle Sam any money for taxes last year or the several years prior. Secondly, the number referenced in the email doesn’t even contain the correct number of digits to be a valid Social Security or tax ID number. Even if it did, the number they provided was nowhere near my SSN. Plus, I don’t own a business, so I don’t have a “Federal Tax ID Number” (also called an EIN “Employer Identification Number”).
Among the other clues indicating the request was bogus is the fact that our Federal government does not notify taxpayers of delinquencies, rejected tax returns, or failed electronic payments by way of an email message. And if by chance they did, I’d hope it wouldn’t come from some random joker named “Francisco Maghee”. Not to mention, “Francisco’s” email address prefix was a string of gibberish — “ghnqcsuvktecvy” to be exact. Never mind that a quick Google search of the domain used in the email address (everything after the “@” symbol) revealed that a spammer had been using a legitimate organization’s domain as the “From” address on their spam emails . And that was a far cry from a “.gov” top-level domain (TLD), which you’d expect to see from a government agency like the IRS.
Another red flag was the attachment, which I did not open! It was an executable file (its name ended in “.exe”), which you should never click on or open, unless you’re absolutely sure of what the file contains and that it came from a trusted source. Since neither of those conditions were the case, there’s a good chance the sender’s objective was to get one of us to click on, and therefore open, the attached file. Opening the attachment would launch or run the executable file, possibly containing a virus, trojan, spyware, or other form of malware. Malware can slow down or break your computer, and can be costly and time-consuming to repair. Malware could also run a program in the background, without your knowledge, and gather your personally identifiable information (PII) for use without your consent, for evil purposes, and/or to steal your identity.
Identity theft occurs when your PII is stolen, taken without your permission, or obtained under false pretenses. Your information is then used to do any number of things including making unauthorized purchases on your credit card, opening new credit or bank accounts, and applying for and obtaining a loan, just to name a few.
So, what if you get a “phishy” email like the one I received? Simple. Delete it immediately and do not open any attachments!
BOTTOM LINE: Be skeptical. Question everything. Don’t be so quick to respond to inquiries received in an email. That is, if you even respond at all.