IRS scam HPE CaaS Header Footer Data Published 10/30/2015 06:00:23 AM, Template Published: UNKNOWNData Published 10/30/2015 06:00:23 AM, Template Published: UNKNOWN

StartFragment

Recently, my daughter attending college called quite upset. A close friend, Lucy (not her real name) had fallen victim to a telephone scammer. The scammer caught her off guard in the middle of a tough engineering course. She became visibly upset in class and ran out. The scammer had told her she would be sent to jail if she did not pay the IRS immediately.

ngIf: link

Lucy ran from class, asked her roommate to give her a ride to Best Buy to buy gift cards. Her roommate was busy so she found someone else to give her a ride. Note, the whole time the scammer is on the phone with Lucy. Once at Best Buy she asked to increase the limit on her credit card, which they refused to do. Then, at the urging of the scammer, she took out a new credit card and max’ed out that credit card purchasing gift cards. She also emptied her bank account – handing over all the money to the scammer.

When Lucy reported the fraud to the Police, they stated she was lucky they only got $1,300. Many other students had been scammed for considerably more money. Lucy is not alone in being scammed, since 2013 more than 5000 people have lost more than $26.5 million to IRS phone scams. This is only what was reported. Many millions more was probably lost but not reported. The IRS states there was a 400% increase in phishing and malware incidents in the 2016.

It is interesting in speaking with people regarding this. Some people have utmost empathy for Lucy. Others get a good laugh--ha ha she fell for it.

When the University was alerted to the problem, they initially did not believe scammers were victimizing their students.

Why would someone fall victim to such a scam?

• Phone Phreaking. When caller ID shows it is the FBI or IRS, it ads substantial legitimacy to the caller.

• The caller knows all about the victim – address (Lucy had only moved in 6 weeks earlier), college major, last 4 number of social security number.

• Caller has sense of urgency, menacing and a threat of victim and/or victim’s family going to jail.

• Victim does not have familiarity with how the IRS work. The IRS sends a letter via snail mail. Also, they do not ask for payment via gift cards, pre-paid debit cards, money orders, wire transfers and do not ask for credit cards numbers. Note that the IRS does not ask for personal or financial information by email, text, phone or social media.

As a cyber security professional, I look for where it could have been prevented:

• Students in Lucy’s course could have realized something was wrong and intercepted her before she left for Best Buy.

• The people that gave Lucy a ride could have alerted her to the potential for fraud.

• All retail stores that sell gift cards including Best Buy’s staff should be trained to detect scams in progress and call the police. (A CVS in my neighborhood did exactly that. An elderly lady was upset, had someone on the phone instructing her how to obtain more money, buy gift cards and turn them over to the scammer. The CVS employee realized something was wrong, called the police and delayed the sale of the gift cards. Needless to say, the scammer hung up when the police got on the phone.)

• The colleges and universities should offer mandatory fraud prevention training.

From a technical perspective:

• The telecommunications infrastructure should be upgraded to not allow callerID to report bogus information.

• Gift cards, debit card transactions, and wire transfers should have a 24 hour waiting period before the funds are transferred and become untraceable.

For more information on tax scams https://www.irs.gov/uac/tax-scams-consumer-alerts.

EndFragment