Still more sharks in the phishing hole: That PayPal email scam sure gets around

smile, you son of a b!!!!
This online phish is predatory, but it’s not that smart. Still …

I know. I’ve written about it before, but it just won’t go away.

In a blog called Miraculous Ladies I saw another account of the infamous PayPal email scam that just keeps bugging me. Here’s the gist of it:

I received an email from PayPal yesterday afternoon. It was about a restriction on my account. While reading the email and noticed two things. First, their email address was pay@bills.com. Secondly, I spotted grammar mistakes. Alarm bells rang!

I logged into my PayPal account. There were no messages about my account being restricted.

– See more at: http://www.miraculousladies.com/beware-paypal-scam-emails/#sthash.c5Ddd79Y.dpuf

That’s the main stuff here. She outlines things to watch out for, which is really useful stuff.

I’ve written extensively about this myself, as I’m sure you know:

Sharks in the phishing hole: That email isn’t really from PayPal

and …

More sharks in the phishing hole: Some folks never give up

This begs the question. Just what is this card-carrying member of the Testosterone-Toting club doing on the Miraculous Ladies site?

Linkedin, of course. Got the link from there. So if you’re on LinkedIn you’ll see the discussion.

Anyway, you know the deal. Watch out when you surf. You could be sharing waves with something predatory.

-endit-

Talk to me: Have you run across this email yet? Have you clicked on that link yet? What were you thinking?

everything-siggy-workingsize

 

 

 

 

 

 

Share

More sharks in the phishing hole: Some folks never give up


Ho-hum.

Got me another one, Ethel. Another of those notes from PayPal saying my account has been temporarily blocked.

Again.

Just for grins, let’s take a look at the email to find the obvious BS. because this stuff is getting old.

 

ΡayΡal
   Unfortunately , Your account is temporarily blocked   please follow the instructions below 

    Dear ΡayΡal Customer,

    ΡayΡal is constantly working to ensure security by regularly screening the accounts in our system.
We recently reνiewed your account, and we need more information to prove your ownership .
to help us to provide you with a secure serνice.
Until we can collect this information, your access to sensitiνe account features will be limited.
We would like to restore your access as soon as possible, and we apologize for the inconνenience.

    Why is my account access limited?

    we haνe reason to belieνe that your account was accessed by a third party.
Βecause protecting the security of your account is our primary concern, we haνe limited access
to sensitiνe ΡayΡal account features.
We understand that this may be an inconνenience but please understand that this temporary
limitation is for your protection.

    How can i get my account fully restored ?

     Please follow the link below and login to your account then reνiew your account information

     Confirm now

     Sincerlye ,ΡayΡal customer department!

   

 

Yeah, yeah, yeah.

A couple of things come to my attention:

Here’s the horse it rode in on email address it came from:

secured@inc.pay2.com

Got that so far? Doesn’t look like a PayPal to me.

A couple of other things that in of themselves are not deal breakers, but they’re sure red flags:

Unfortunately , Your account is temporarily blocked

   please follow the instructions below

Notice the space between Unfortunately and the comma. Again, no biggie by itself, but it’s far from what a professional operation like PayPal would produce.

There are other grammatical errors, mostly in capitalization. And it’s not “sincerlye.”

This tells me this note was written by someone who does not speak English as a first language. Russian perhaps? North Korean? One of those nations that specializes in malware and computer hijacking?

After checking my firewalls, bumping up my security and all that good junk I clicked on the link. Here’s what I got:

 

Reported Phishing Website Ahead!
Chromium has blocked access to sssecu1rity.com. This website has been reported as a phishing website.
Phishing websites are designed to trick you into disclosing your login, password or other sensitive information by disguising themselves as other websites you may trust. Learn more
 Advanced

* * *

In case anyone misses it, it’s on a red background.

Now, I don’t ever advocate clicking on links like that. In fact, if you click on “confirm now” in the text of the letter, you probably need to snip your Internet connection, turn in your computer and stick with something safe. Like skydiving or something. I figured I can get away with it because a) I know what I’m doing, b) my security is extremely tight and c) I’m using Linux anyway.

Oh, yeah. I forgot to mention. This email came in two of my accounts (I have several). My PayPal account is only attached to one domain name. These two email accounts are under another domain name. So as far as these senders are concerned I really don’t have a PayPal account.

Hey, y’all. Watch the sharks.

# # #

First add: I covered this issue before, and it keeps coming back. You’ll find my story here.

# # #

Second add: I also ran some precautions when I wrote that. They were pretty much off the top of my head, but the original story is here. I pasted in the list below just ’cause I like you:

  • Choose your tools carefully. If you use Internet Explorer, take that icon off your desktop right now and surf with a different browser. Chromium (an open-source version of Google Chrome) is good, as are Firefox and Opera.
  • Keep that browser updated.
  • Be careful about passwords; PayPal_Andy’s advice of having a designated password for each site is highly recommended, even though I’m guilty of using the same passwords for more than one site.
  • Don’t open any attachments if you don’t know the sender.
  • Be wary of attachments from someone you know; zap it with your virus and malware protection tools before you open it.
  • I’d also be wary of links sent by email, especially when they’re shortened through bit.ly or some other service. Also be careful of links posted on your favorite social media sites; you can click on some malware real easily that way. I’ve seen malware propagate among everyone on your friends/followers lists, making them the gift that keeps on giving.
  • You do have virus protection, don’t you? You do keep it updated, don’t you? Virus protection that’s not kept up to speed is totally worthless.
  • Grab some spyware protection, too. For that I recommend Spybot Search And Destroy.
  • Be careful about using public wireless for any business involving money; it’s too easy to tap into your information that way.
  • If surfing in a public place, watch for anyone behind you or sit with your back against a wall. I know this sounds goofy, but when some lowlife is trying to grab your information the low-tech ways are often the most effective.
  • Don’t let me scare you or anything.

If you use a smartphone:

  • Guard it with your life. Even if you want to be a good neighbor and help someone in a pinch, don’t let that person “hold” your phone. It’s too easy for him to snatch it and run. Most smartphones carry way more information than you’d think, and most of it can be found in seconds.
  • Be careful about dropping or leaving your phone somewhere. Same reason.
  • I use a lanyard from an old mp3 player and attach it to my phone holster. The other end is attached to a small carabiner, which I clip onto a belt loop. The holster’s flap is closed when I’m not using the phone. That way, if the holster falls off (happens more often than I’d like to think) or someone tries to snatch it off your belt, you’d know immediately.
  • Stay aware of what’s around you, even if you’re texting or playing Angry Birds. I’ve heard of folks stealing someone’s phone while the person is using it.
  • Two words: Password protection.

# # #

Final add: For your edification and amusement, I added this video at the last minute. It seemed to fit the theme somehow. I wonder if anyone told the diver that one side of his cage is missing?

# # #

 

 

 

 

 

 

 

 

Share

‘Staring at the phone’ takes on new meaning

line drawing of smartphone
My smartphone looks almost like this now.

My smartphone croaked yesterday.

I know. What am I gonna do, right?

For one who was such a late adopter into the mobile scene, I’ve sure made up for lost time. I do just about everything with that phone:

  • Check my news.
  • Keep in touch with clients.
  • Read my email.
  • Post weird thoughts on Twitter.
  • Read ebooks.
  • Take pictures.
  • Make voice recordings.
  • Maintain my daily calendars.
  • Listen to music.
  • Handle my finances.
  • Even post to my blogs from the phone.

Oh, yes. I’ll sometimes make phone calls. But that’s the least important function. As far as voice calls go, that smartphone isn’t worth a lick.

But I’m scrambling.

Voice calls and text are no problem. I have another so-called “feature phone” (translation: dumbphone) kicking around, and it works very well. I can do some cool things like checking bank balances with a text. But I can’t really go online and do really heavy stuff with it.

How people use their phones

I read in SocialTimes that the average adult American uses his smartphone 58 minutes a day. The only real surprise is that you’d think it’s much more than that. But these numbers may also include those who don’t even have a smartphone, so there’s that. But still, I’m obviously not your typical American adult.

What’s interesting is the usage according to SocialTimes:

  • Using social networks: Nine minutes.
  • Sending and receiving text messages: 12 minutes.
  • Browsing the Web: Eight minutes
  • Sending and reading email: Five minutes.
  • Playing games: A tick under five minutes.
  • Actually talking on the phone: 15 minutes.

IPhone users spend a lot more time on smartphones than Android users, and will text more than the average. But they’ll talk less; I understand the quality of the phone might have something to do with that.

I’ve never timed my smartphone usage and never wanted to because I’m afraid of seeing the results. But my Web browsing and email are considerably higher than the average. I’m probably solid average with text messaging and social media — in my case it’s Twitter and Linkedin. Phone calls? Not so much; I’ve made nine phone calls in the last 30 days. Some were long; a couple of hour-long teleconferences, but that’s about all.

But reading the news is where I blow up the scale. I love RSS news feeds, and of course they’re sent directly to my phone. That’s my biggest time sink.

But here’s the funny thing. I chose not to have an Internet connection at home because I get distracted easily, and can spend a lot of time chasing online squirrels when I should be working. But with a smartphone there’s really no difference except maybe I’m staring at a smaller screen. It’s still a distraction.

Because of that, I’m not in any hurry to replace my smartphone. I can still do some things on it, at least for a while before it completely bonks out.

OK, so I’m making some adjustments. I can still use my smartphone some, but I can’t leave it on all the time. Puts too much strain on the innards.

I can still read ebooks, take pictures and listen to music from the smartphone — all that cool online stuff, so it ain’t dead. But it’s more like that old Palm Pilot I wore out several years ago.

# # #

 

Share

Sidebar: Protect that computer information and thank yourself later

While writing today’s piece on yet another phishing attempt by someone claiming to be PayPal, a few things came to mind and they deserve a blog entry on their own. I’ll include them in this sidebar.

Off the top of my head, I listed a few measures you can take to protect your computer and your online information — in fact, your whole identity — from being stolen.

This gets even more important as we use the Internet for more important aspects of daily life, such as moving money around.

Most of these tips are common sense, but those are sometimes the hardest ones to remember and implement.

Here’s a sampling:


  • Choose your tools carefully. If you use Internet Explorer, take that icon off your desktop right now and surf with a different browser. Chromium (an open-source version of Google Chrome) is good, as are Firefox and Opera.
  • Keep that browser updated.
  • Be careful about passwords; PayPal_Andy’s advice of having a designated password for each site is highly recommended, even though I’m guilty of using the same passwords for more than one site.
  • Don’t open any attachments if you don’t know the sender.
  • Be wary of attachments from someone you know; zap it with your virus and malware protection tools before you open it.
  • I’d also be wary of links sent by email, especially when they’re shortened through bit.ly or some other service. Also be careful of links posted on your favorite social media sites; you can click on some malware real easily that way. I’ve seen malware propagate among everyone on your friends/followers lists, making them the gift that keeps on giving.
  • You do have virus protection, don’t you? You do keep it updated, don’t you? Virus protection that’s not kept up to speed is totally worthless.
  • Grab some spyware protection, too. For that I recommend Spybot Search And Destroy.
  • Be careful about using public wireless for any business involving money; it’s too easy to tap into your information that way.
  • If surfing in a public place, watch for anyone behind you or sit with your back against a wall. I know this sounds goofy, but when some lowlife is trying to grab your information the low-tech ways are often the most effective.
  • Don’t let me scare you or anything.

If you use a smartphone:

  • Guard it with your life. Even if you want to be a good neighbor and help someone in a pinch, don’t let that person “hold” your phone. It’s too easy for him to snatch it and run. Most smartphones carry way more information than you’d think, and most of it can be found in seconds.
  • Be careful about dropping or leaving your phone somewhere. Same reason.
  • I use a lanyard from an old mp3 player and attach it to my phone holster. The other end is attached to a small carabiner, which I clip onto a belt loop. The holster’s flap is closed when I’m not using the phone. That way, if the holster falls off (happens more often than I’d like to think) or someone tries to snatch it off your belt, you’d know immediately.
  • Stay aware of what’s around you, even if you’re texting or playing whatever brain-sucking smartphone game is hot these days. I’ve heard of folks stealing someone’s phone while the person is using it.
  • Two words: Password protection.

If you can think of any other means of protecting your information, share in the comments section. I’ll be glad to include it. Let’s watch one another’s backs.


Share

Sharks in the phishing hole: That email isn’t really from PayPal

smile, you son of a b!!!!
If you conduct your business online, make sure you don’t put any blood in the water …

Much of my life is automated via the Internet. I do my work, pay my bills and buy things online. Shoot, I haven’t been inside a bank in two years because all this is done over the ‘net. I even have an account with one bank that operates completely online, without a brick-and-mortar branch within sight.

This is great in most circumstances but it sure leaves me open to all sorts of security glitches.

If you’re reading this on your computer, you may be in that same boat. Of course you have an Internet connection. You might buy things online, pay your bills through the Internet or even govern your whole life through a coaxial cable or wifi connection. It’s great, it’s convenient, and sometimes it’s dangerous.

I received more confirmation of this danger the other day when I checked my email. It’s allegedly from PayPal, and it carries all sorts of dire warnings.

The email that set stuff off

Here’s the note, in its entirety but with the account ID deleted. Other than that, I kept the capitalization and spacing (this part’s important) just as you see it here:


Your account has been limited Paypal ID PP-xxx-xxx-xxx

Service@paypal.com

Identity issue PP-xxx-xxx-xxx

Please complete the attached form to verify your Profile information and restore your account access.


Personal Information Profile

Make sure you enter the information accurately, and according to the formats required.

Fill in all the required fields.

Dear customer ,

As part of our efforts to provide a safe and secure environment for the online community, we regularly screen account activity. Our review of your account has identified an issue regarding its safe use. We have placed a restriction on your account as a precaution.

To lift the restriction we will require some further information from you.

If, once we review your further information and we’re convinced that the use of your account does not present a safety risk to our service and customers, we’ll be happy to reinstate your account.

We have sent you an attachment which contains all the necessary steps in order to restore your account access. Download and open it in your browser. After we have gathered the necessary information, you will regain full access to your account.

We thank you for your prompt attention to this matter.

Very sincerely,

PayPal Review Department.


There’s an attached document that came with this note.

Did I download and open it?

Uhh, noooo … forgive this journalistic lapse, but I’m really not as dumb as I look.

Things that made me go h’mmm …

PayPal
Watch it if you get an email purporting to be from these guys.

There were a couple of red flags that went up right away.

One of those red flags was the address this email went to. I have six email addresses, and two of them (my Gmail addresses) are attached to my PayPal account. But this email went to two addresses that have nothing to do with PayPal, and both are under my ericpulsifer.com web domain.

Now understand the importance of this. PayPal uses your associated email address to make all transactions. That means if you use that service and want to send me money (hint hint) you’ll send it through the email address associated with it.

(So if you’re feeling generous, crank up your PayPal and my email address is epulsifer@gmail.com. Be sure and send it in small unmarked bills and I’ll be real happy.)

All my PayPal communications go through that one Gmail address. So to receive this email through one of my business (non-Gmail) addresses gives me pause right away.

This gets really suspicious when I get simultaneous emails to different boxes under the same domain name.

While the email’s reported sender is Service@PayPal.com (with the capitalization just as you see it here), the actual email address is security@info.com. Now, how suspicious is that?

I checked my PayPal account and found nothing even resembling the account ID number listed in the email. I do have a merchant ID number, but it’s not even close. Could be that I’m not looking in the right place, but I don’t think so. Paypal’s ID is basically your email address. Got that?

After receiving the email I checked my PayPal account right away. Everything was copacetic. I was able to access it like I always have, without restrictions. So you know the sender was trying to baffle me with BS.

Chasing the story

Being the troublemaker that I am, I ran a Google search using the phrase “paypal restore account information email” and man, did I get a pantload of results. None of them carried good news either, but it was highly educational.

Just from looking at the first page of the search results, I saw this scam has been kicking around since 2006.

According to consumerfraudreporting.com, PayPal will never send you an email without putting your name on it. In other words it will be “Dear Eric Pulsifer,” not “Dear customer.” And you can bet they won’t leave a space between “customer” and the comma in the greeting; this just tells me it’s just some guy sending these emails from some basement somewhere.

Oh, yes. According to my research, PayPal doesn’t send attachments. I know I’ve never seen one from them. Forget it.

I checked on the PayPal community forum, and found some more revealing information. Several users reported similar emails and the forum administrator, who identifies himself as PayPal_Andy (I’ll assume he’s an employee) wrote this:

First, I’d recommend running a virus scan just to make sure you didn’t pick up anything unsavory when you clicked there. If everything’s fine (or once it is), I would recommend going to PayPal and changing your password and security questions through the ‘Profile’ link. Make sure this password is brand new and you haven’t used it anywhere else and you should be fine. Just keep an eye on your PayPal account for any unauthorized charges, and if you see any, let us know ASAP.

Andy

Sound advice. It’s common sense, but you can ride with the assumption that the phisherman probably snagged some of your information before sending that email. Change your password immediately just to make sure.

By the way, Andy posted his response in August 2011, so you know this scam is an oldie but goodie. But phishers and other off-brand types wanting to access your valuable information tend to stick with a winning formula.

If you get that email …

Generally, if you have an issue with access to your PayPal account, you can do all the fixing through the actual site. They have a “resolution center” where you may or may not get immediate answers, but it’s sure a lot safer than downloading/filling out an attached form you got from some random person and sending it via email.

Consumerfraudreporting.org suggests forwarding any fraudulent PayPal email to spoof@paypal.com — which I just did as I was researching and writing this piece. Here’s what I wrote:

I received this at two separate email addresses under the same domain, and neither one is associated with my PayPal account. Smelled a rat immediately and didn’t bother to open the attachment, so I won’t pass that part along to you.

Thought you might like to know, especially if you’re counting.

Thanks,

–Eric Pulsifer

So far, no response. But let the record reflect I went through proper channels.

Despite PayPal’s somewhat squirelly reputation (every year it finds itself in the running for the most evil company by the Consumerist website), I’ve never had a problem with them. Never. I once had to send some paperwork to prove I was who I said I was, but everything was resolved quickly by phone after that. While that was inconvenient, I have to give them brownie points for taking that security step.

I also have my account set up to send me an email and a text message when I make a transaction, and this has served me well. I found out within seconds when a restaurant tried to charge my PayPal debit card twice for a meal, so after I complained to the restaurant management, PayPal fixed things on their end without me having to prompt them. I might have scared the PP out of everyone involved, but somebody had to do it.

So from my perspective I have nothing bad to say about PayPal’s customer service. They’ve always been responsive and went that extra mile with me. Maybe I’m just Texas-lucky here, but I’ll take it.

The upshot of this whole mess is, if you receive this kind of note from PayPal, don’t panic. Don’t click on any attachments because it’s not from them and it’s probably malware anyway. And if you a) get it in an email box that’s not associated with your PayPal account or b) you don’t even have a PayPal account — that’s been reported too — then you know someone just tried to pull a fast one on you.

Enjoy your computers. Keep your online experiences fun and/or profitable. Just watch out for the phishing holes; there are sharks aplenty in there.


(For more information on protecting your computer and your information, be sure and check out my sidebar here. I even covered smartphones here, including my favorite 99-cent hack that may keep you from losing your phone.)

 

 

Share

Scam alert: If you get an email from the IRS, it’s not them

If you get a note from the IRS (Eternal Revenue Service), it’s usually not a good thing unless it comes with a check. But if you get an email from the IRS, you should really pay attention. It might not be them.

I got a strange one in my email box the other day, and it was a genuine head-scratcher:

* * *

Gmail Team mail-noreply@google.com
Jun 2 (5 days ago) 

to me

The message “Your Federal tax report #ID9837” from Internal Revenue Service (customer.service@irs.gov) contained a virus or a suspicious attachment. It was therefore not fetched from your account editor@ericpulsifer.com and has been left on the server.

If you wish to write to Internal, just hit reply and send Internal a message.
Thanks,

The Gmail Team

 

* * *

OK. Here’s the deal. Whoever it was sent it to my business email address, which hasn’t existed very long. See, all my emails feed directly into my gmail box, making it easier to keep track of stuff and handle all my addresses without having to log in and out and in and out. Email addresses are cheap.

Anyway, I went to my business email box:

* * *

Your Federal tax report #ID***7
From : “Internal Revenue Service” <customer.service@irs.gov>
To :
editor@ericpulsifer.com
Received :

06-02-2012 10:18 PM

Tax Refund,

The analysis of the last annual calculations of your fiscal activity has indicated that
you are entitled to receive a tax refund of $382.34
Please submit a request of the tax refund and a processing of the request will take 7-14 days.
A tax refund can be delayed by different reasons.
For instance submission of invalid records or sending after the deadline.

Please find the form of your tax refund attached and fill out it and send a report.

Yours sincerely,
Internal Revenue Service.

* * *

That’s the email, and it’s pure horse dung. I didn’t even bother to open the attachment. But as far as phishing/information mining/scamming goes, it’s an oldie but goodie.

Here’s what I got from the Internet from the Internet Crime Complaint Center:

* * *

Intelligence Note  Prepared by the Internet Crime
Complaint Center (IC3)
December 1, 2005
E-mail disguised as the Internal Revenue Service (IRS) phishing for personal information
The FBI
has become aware of a spam email claiming the recipient is eligible to receive a
tax refund for $571.94. The email purports to be from tax-returns@irs.gov
with the subject line of “IRS
Tax Refund.” A link is provided in the email to access a form required
to be completed in order to receive the refund. The link appears to connect to the
true IRS website. However, the recipient is redirected to
http://www.porterfam.org/2005/, where personal data, including credit
card information, is captured.
This e-mail is a hoax. Do not follow the provided link.
Be cautious when responding to requests or special offers delivered through unsolicited
email:  Guard your personal information as well as your account information carefully. Keep a list of all your credit cards and account information along with the card
issuer’s contact information. If your monthly statement looks suspicious or you
lose your card(s), contact the issuer immediately.
If you have received this, or a similar hoax, please file a complaint at
www.IC3.gov.

* * *

Looking a little further, I checked from the jackass’ mouth itself, going straight to the IRS website. I pasted it directly in here, so it may look funky.

The upshot is, they’re not going to use email or social media to contact you:

* * *

The IRS does not initiate contact with taxpayers by email or any social media tools to request personal or financial information

What is phishing?
Phishing is a scam typically carried out by unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information. 

All unsolicited email claiming to be from either the IRS or any other IRS-related components such as the Office of Professional Responsibility or EFTPS, should be reported to phishing@irs.gov.

However, if you have experienced monetary losses due to an IRS-related incident please file a complaint with the Federal Trade Commission through their Complaint Assistant to make that information available to investigators.

What to do if you receive a suspicious IRS-related communication

If

Then

You receive an email claiming to be from the IRS that contains a request for personal information …
  1. Do not reply.
  2. Do not open any attachments. Attachments may contain malicious code that will infect your computer.
  3. Do not click on any links.
    If you clicked on links in a suspicious email or phishing website and entered confidential information, visit our identity protection page.
  4. Forward the email as-is, to us at phishing@irs.gov.
  5. After you forward the email and/or header information to us, delete the original email message you received.

Note:
Please forward the full original email to us at phishing@irs.gov. Do not forward scanned images of printed emails as that strips the email of valuable information only available in the electronic copy.

You discover a website on the Internet that claims to be the IRS but you suspect it is bogus … send the URL of the suspicious site to phishing@irs.gov. Please add in the subject line of the email, ‘Suspicious website’.
You receive a phone call or paper letter via mail from an individual claiming to be the IRS but you suspect they are not an IRS employee … Phone call: 

  1. Ask for a call back number and employee badge number.
  2. Contact the IRS to determine if the caller is an IRS employee with a legitimate need to contact you.
  3. If you determine the person calling you is an IRS employee with a legitimate need to contact you, call them back.

Letter or notice via paper mail:

  1. Contact the IRS to determine if the mail is a legitimate IRS letter.
  2. If it is a legitimate IRS letter, reply if needed.

If caller or party that sent the paper letter is not legitimate, contact the Treasury Inspector General for Tax Administration at 1.800.366.4484.

You receive an unsolicited e-mail or fax, involving a stock or share purchase … and you are a U.S. citizen located in the United States or its territories or a U.S. citizen living abroad. 

  1. Complete the appropriate complaint form with the U.S. Securities and Exchange Commission.
  2. Forward email to phishing@irs.gov.
    Please add in the subject line of the email, ‘Stock’.
  3. If you are a victim of monetary or identity theft, you may submit a complaint through the FTC Complaint Assistant.

… and you are not a U.S. citizen and reside outside the United States.

  1. Complete the appropriate complaint form with the U.S. Securities and Exchange Commission.
  2. Contact your securities regulator and file a complaint.
  3. Forward email to phishing@irs.gov.
    Please add in the subject line of the e-mail, ‘Stock’.
  4. If you are a victim of monetary or identity theft, you may report your complaint to econsumer.gov.
You receive an unsolicited fax (such as Form W8-BEN) claiming to be from the IRS, requesting personal information … Contact the IRS to determine if the fax is from the IRS. 

  • If you learn the fax is not from the IRS, please send us the information via email at phishing@irs.gov. In the subject line of the email, please type the word ‘FAX’.
You have a tax-related question …Note: Do not submit tax-related questions to phishing@irs.gov. If you have a tax-related question, unrelated to phishing or identity theft, please contact the IRS.

How to identify phishing email scams claiming to be from the IRS and bogus IRS websites


The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

The IRS does not …

… request detailed personal information through email.
… send any communication requesting your PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.


What to do if you receive a suspicious email message that does not claim to be from the IRS

If

Then

You receive a suspicious phishing email not claiming to be from the IRS … Forward the email as-is to reportphishing@antiphishing.org.
You receive an email you suspect contains malicious code or a malicious attachment and you HAVE clicked on the link or downloaded the attachment … Visit OnGuardOnline.gov to learn what to do if you suspect you have malware on your computer.
You receive an email you suspect contains malicious code or a malicious attachment and you HAVE NOT clicked on the link or downloaded the attachment … Forward the email to your Internet Service Provider’s abuse department and/or to spam@uce.gov.

* * *

If you’re into links, here’s the IRS announcement.

So I’m not going to open this attachment. I’m not going to bother.

I know they don’t owe me a refund, and if they did they’re not going to tell me unless I ask. What do I think they are, stupid?

(Don’t answer that!)

So if you get an email from the IRS, forget it. It’s not them.

###

 

 

 

Share

Sending aggressive-sounding emails? There’s a (Windows) app for that

OK, so you’re sending snarky emails in the heat of the moment? Maybe you told off a co-worker or your boss in an interoffice communication? Or worse, had the mother of all rectal-cranial inversions and told your spouse where to get off in an email?
I ran into this in lifehacker.com:

ToneCheck Stops You from Sending Passive Aggressive (or Plain Aggressive) Emails

Here’s an excerpt:

ToneCheck is an email plug-in that checks the content of your emails for tone and alerts you to language that may be misunderstood or interpreted as particularly negative … let’s face it: Sometimes you send an email that you fully intend to convey anger or annoyance. But text communication is rife with misunderstandings, and often an email with perfectly pleasant intentions can lead to a lot of upset coworkers. That’s what ToneCheck aims to address.

I find this a little disturbing, actually. Let’s get in the toboggan and ride the slippery slope for a minute: I can see versions of this that can plug into your word processor, and screen out any language that is not deemed politically correct. Under that scenario, I might be tripping that alarm an awful lot.
Right now, it’s in beta and during this period it is free. So far, this works only with Windows systems running Outlook, though I understand other versions are in the pipeline.
I don’t think I’ll be beta-testing this one.
###
Share

Airport security: A modest proposal

I’m not sure who originally wrote this, but I like the idea. It was one of those Fw: emails that crosses my transom, sent by my mom.

In all, it sounds like a good workable solution. Later with all these pat-downs at the airport security line and invading your carry-on luggage. This is quick, clean (well, sort of), and cheap in the long run.

Here it is:

Here’s the solution to all the controversy over full-body scanners and racial profiling at the airports:

Have a booth that you can step into that will not x-ray you, but will detonate any explosive device you may have on your body. It would be a win-win for everyone, and there would be none of this crap about racial profiling and this method would eliminate a long and expensive trial. Justice would be quick and swift.

This is so simple that it’s brilliant. I can see it now. You’re in the airport terminal and you hear a muffled explosion. Shortly thereafter an announcement comes over the PA system, “Attention standby passengers. We now have a seat available on flight number 4665 …. Paging maintenance. Shop Vac needed in booth number 4.”

See, it could work. Who’s with me on this?

###
Share