Concerned about identity theft through internet schemes to obtain personal financial data, Secretary of the Commonwealth William F. Galvin has prepared a brochure entitled “Eight Tips to Avoid Phishing Scams”.
The brochure offers detailed information on how to read a website address so you will not be taken in by a site that appears legitimate, but is not.
The Secretary’s Securities Division has recently received reports that citizens of the Commonwealth are receiving e-mails purporting to be from the U.S. Internal Revenue Service but in reality are from criminals trying to lure unsuspecting citizens with the promise of eligibility for a tax refund.
This is only one in a series of ‘phishing’ scams cast under an official-seeming logo of the IRS. Over the past five months ‘phishers’ have sent mass e-mails claiming that the recipient is under criminal investigation for submitting falsified tax returns, must complete an “investigation form: from the “IRS’ Fraud Department,” or may receive $80 by filling out a customer satisfaction survey.
The latest phony message promises a refund yet asks for credit card information, which the bona fide IRS form does not. Further, the IRS does not send unsolicited e-mails to taxpayers asking them for access information for credit cards or financial accounts.
Also, if someone followed the link in the e-mail and looked at the address bar of his or her internet browser, he or she would see that the website begins with a suspicious string of numbers, one of the warning signs the Secretary cites in his new brochure.
“The lure of a possible tax refund and the sophisticated mimicry of legitimate government forms make this a particularly insidious case of phishing,” Secretary Galvin said. “But it is only one example. Often private sector financial firms have seen their good name hi-jacked by scam artists trolling for personal financial information.”
“Before you even think of sending any personal data,” Secretary Galvin said, “check the address bar of the e-mail you’ve received and put the company’s name into an internet search engine to see if the addresses match. The brochure lists many other tips for spotting phony e-mails that you should be aware of.”
Additional information of “phishing scams” is available on the Secretary’s website at www.sec.state.ma.us/sct, in person at the Securities Division, One Ashburton Place, Boston, MA 02108 or by calling toll-free 1-800-269-5428.
Secretary of the Commonwealth William F. Galvin warns Massachusetts citizens to beware of unsolicited e-mails purporting to be from financial institutions requesting personal information under the guise of ordinary account communications.
Similar e-mails contain unsolicited advertisements for financial services.
“Phishing” is Internet lingo for the practice of sending widespread e-mails in an attempt to gather personal data for the purpose of identity theft and other criminal efforts.
“Do not answer these e-mails, even if they seem to come from a legitimate company or mention a particular account,” said Secretary Galvin, the Commonwealth’s chief securities regulator. “Even if it has a ‘.com address’ of a company you do business with, you should call the company directly through their representative or call the customer service number on your account statement.”
“When in doubt about suspicious, unsolicited e-mails, just hit the ‘delete’ key,” Galvin said.
While e-mails of this sort seem like legitimate communications from a reputable brokerage, banking or advisory firm, they really come from con artists or criminals masquerading as legitimate companies in attempts to “phish” for personal information.
These “phishing” expeditions are an attempt to fraudulently acquire citizens’ personal information – account numbers, birthdates, Social Security numbers – for the phisher’s own nefarious purposes.
For additional information on investor education presentations in your area and access to your free annual credit report, please visit the Secretary’s website at www.sec.state.ma.us.