StopSign®

As we get closer to April 15th here in the U.S., tax scams will be on the rise. Every year phishers, scammers, and hackers take to the Internet and attempt to rook as many people as possible into forking over their banking information and hard-earned cash. We’ll give you some pointers on how to detect, and avoid, some of the more common tax scams.

Most tax scams involve someone claiming to be from the IRS, and the scam will more than likely involve identity theft. These scammers pose as legitimate IRS employees and try to fool you into giving them personal and/or financial information. (e.g. passwords, Social Security numbers, PIN numbers, bank account information, credit card numbers, and even your mother’s maiden name) Any information they gain can be used to try to get access to one or more of your accounts and rob you blind. While snail mail scam attempts are not unheard of, it’s much easier for the bad guys to send out false IRS emails or set up fake IRS websites.

When it comes to figuring out if an email or web site is really from the IRS or if it’s part of an elaborate tax scam, there are usually some tell-tale signs to distinguish the fake from the real. First off, if the name of the Internal Revenue Service or any other federal agency is spelled wrong, that’s a dead giveaway. Another common problem is bad grammar and/or odd phrasing of words. Many of the email or website tax scams come from overseas, and non-native English speakers will usually get something wrong when they write the content for their scam.

There are innumerable ways that someone can try to take advantage of you, but here are some of the more common IRS tax and/or refund scams to watch out for:

• Fake Links and Phony Websites: The IRS says that this is the most common tax scam: Someone claiming to be from the IRS and sending out an email promising tax refunds when you click a link in the email and fill out a form on a web page. Phishing scams involving an identical-looking (but fake) IRS website are all too common. Just remember that the only way to get a refund is by sending in your tax return to the IRS, not by clicking a link you get in an email.

  We’ve got a blog post on “How to Spot a Fake Website” that can help you figure out what’s real and what’s a scam.

• Form W-8BEN: Even though form W-8BEN is a real tax form, a rising tax scam is for someone claiming to be from the IRS and asking you to fill out Form W-8BEN. This is particularly nasty because this form requires personal financial details to be submitted, and should only be submitted through your financial institution. (The IRS will never ask you to fill out a W-8BEN form.) In general the IRS doesn’t send unsolicited emails to taxpayers and they certainly don’t discuss or request tax account information via email.

• Fake Refunds: One of the scams the IRS warns taxpayers about are emails or letters promising refunds that don’t actually exist. They could claim to detail some new “economic recovery” law you’re eligible for (and an increased tax refund) if you register your bank account info with the IRS, or they may even offer to pay you to take part in an IRS survey. If you sign up, instead of a bigger refund or a fat check you’ll be funding a scammer for his or her next vacation. If you want to maximize your refund, consider hiring a trusted professional instead of signing up for something from an unsolicited email.

• Virus-infected tax forms: Malware attacks aimed at U.S. taxpayers tend to rise during tax season, and fake W-2 forms in an email can be filled with trojans, spyware, or viruses. Before opening any email attachment, make sure you are expecting an email with an attachment or you may unwittingly give hackers access to your computer. Once they’re on your system, a hacker can install key logging software to capture everything you type (emails, passwords, shopping cart items, Internet searches, etc.) without you knowing about it at all.

• Threatening emails: Some tax scams take a hard-nose approach to their phishing attempts. You could receive an email threatening you with legal consequences if you don’t respond to an e-mail or register on a website provided, which will be conveniently run by the scammer. Things they may tell you that you’ll be liable for include additional taxes, huge legal fees, or a reduction of tax refunds.

As long as there are taxes, there will be tax scams aimed at innocent people. If it sounds too good to be true, it probably is. If it sounds too fishy, it probably is. If you think someone is trying to scam you, or if you think you were the victim of a tax-related scam, contact the IRS, your bank (including credit card companies and other financial institutions if applicable), and your local police department.

Here are a few selected RT’s and assorted information from the StopSign Twitter account you may have missed this week. Did we miss anything? Please let us know by leaving a comment below.

• RIP J.D. Salinger. @gabbycat let us know (via @TerryMoran) that the @NewYorker made all of J.D. Salinger’s short stories available online.
• There was a lot of chatter online regarding Apple’s announcement of the iPad. What do you think about it, and do you plan on getting one?
• @eWeekSecWatch had an article titled “Possible Worm Prank No Laughing Matter“.
• @zdnet posted the story “RealPlayer haunted by 11 critical vulnerabilities“.
• @mashable gave us food for thought on our favorite toolbar with their story “Google Toolbar Keeps Tracking Your Browsing Even After You Choose Disable?“.
• It’s @mashable again with their post “More Security Flaws Found in Internet Explorer“.
• @CVG_UK tells us that a hacker claims “I have read/write access to the entire system memory…” on the Playstation 3. Is this good or bad for PS3 gamers?
• Author and uber-blogger @GuyKawasaki tweeted 15 reasons a business’ security gets compromised“.
• @ParentsLoveKids helps remind us all there’s a reason it’s called dope with their post “Sheriff Uses Software To Scare Kids Away From Drugs“.

And here’s a StopSign blog post we talked about on Twitter, too…

• We released a new blog article titled “7 Tips for Better Email Etiquette“. In it you’ll find ways to not only be courteous, but also to make sure that your point gets across.

Thanks for taking the time to check out our blog! We want to hear from you on the @stopsignblog Twitter account and here on our blog, so don’t be afraid to ask us a question, give us some feedback or just say “Hi”.

Here are a few selected RT’s and assorted information from the StopSign Twitter account you may have missed this week. Did we miss anything? Please let us know by leaving a comment below.

• @Twitter_Tips Twitter becoming crucial for journalism research: http://j.mp/60aOS7
• @KING5Seattle Toyota recalls 2.3 million vehicles: http://bit.ly/7fwIbN via @msnbc
• @tobych Super new library, Cheat Sheets for Developers: http://bit.ly/4W2TdO
• @SueScheff What parents need to know about Cell Phones http://bit.ly/8w0zmx San Saba News #parenting
• @gift_girl Wishpot is featured in the January 2010 issue of @SacParentMag! So honored!
• @KING5Seattle Bellingham Father in #Haiti to bring back adoptive kids: http://bit.ly/92Fenx
• @binhog737 RT @AirlineReporter BLOG: Man Arrested After Tweeting Bomb Threat http://bit.ly/6sGrfX
• @KING5Seattle President Obama pays tribute to Dr. Martin Luther King, Jr: http://bit.ly/4NYZa9
• @OC_Melanie Going to Starbucks? Help Haiti while you’re there! http://ow.ly/XTft
• @SueScheff RT @JaneBalvanz If you want children to keep their feet on the ground, put some responsibility on their shoulders. via @Abel2xnavarro
• @KING5Seattle Warning about fake #Haiti fundraisers on Facebook: http://bit.ly/6Jd6qK via @msnbc
• Via @arstechnica “ENUM: Dragging telephone numbers into the Internet Age” http://bit.ly/4NExZi Interesting AND scary, all at once.
• RT @TechCrunch: Twitter’s Answer To Facebook Connect http://bit.ly/5Fax12
• @DivaJulia Conan lists Tonight Show set on Craigslist. THIS is why we love him. http://dippedincream.com/?p=4213
• Via @KitsapSun “Kitsap students learn to prevent bullying and harassment” http://bit.ly/6fcZ4I #cyberbullying
• @BloggerCentral Boy Genius Report: T-Mobile responds to Verizon’s lower pricing by lowering smartphone prices http://bit.ly/6UPqZu #BC

And here are a couple of StopSign blog posts we talked about on Twitter, too…

• Via @stopsignblog Five New Years Resolution Suggestions. http://bit.ly/6mqBAV Please RT
• Via @stopsignblog 62 Common Internet & Texting Acronyms http://bit.ly/80c9D0 Please RT
• Via @stopsignblog Sure-Fire Ways to Keep Spyware Away http://bit.ly/5NixFd Please RT
• Via @stopsignblog Beware of Haiti Relief Scams! http://bit.ly/7i8lIr Please RT

Have a great weekend, and keep those tweets coming! We’d love to hear from you on the @stopsignblog Twitter account and here on our blog.

Some of you may have noticed that Windows OneCare Live has recently been flagging StopSign as malware. This is a false positive! This happens sometimes among Internet security software providers. We’ve been in contact with Microsoft’s team, they’ve acknowledged that it’s a false positive, and they’re working on a resolution.

Here’s a quote from an email by our lead software developer regarding this issue:

I’ve just received an email from Microsoft stating that they believe that they have correctly fixed the false positive problem, and the fix will be included in the updated set of definitions, which should be published in the next day or so.

When the update is released publicly we’ll make an update to this post, so please check back if you’d like to know when the fix to this false positive is live.

UPDATE (01/22/2010): The Microsoft Malware Protection Center has confirmed the false positive and fixed the original bug. Here is an excerpt from their email confirmation:

Thank you for your recent inquiry about StopSign Internet Security and the issue you reported. The definition library for Microsoft Windows Defender has been updated to version 1.71.2391.0. We believe this new definition library contains the updates necessary to address the issue that you raised. This new definition library is now available for users who subscribe to the automatic definition update mechanism, as well as users who choose to manually update their definition library.

However, you may have noticed I wrote “…the original bug.” It looks like they have a new false positive in the safe file affected last time, and we have a new update request in to them. More details as we get them.

UPDATE (03/03/2010): The Microsoft Malware Protection Center has released a new signature to fix the false positive (“Adware:Win32/Exact“) addressed in this post. This should close out the false positive.

It’s hard to believe that in a time of crisis people could stoop so low as to try to scam people trying to help out those in need. The Haitian earthquake disaster of January 12th 2010, however, has seen it’s fair share of scammers preying on those who would help.

If you’re looking for a way to donate to help the people of Haiti, we suggest you go directly to the charitable organization(s) themselves, or through a trusted source, in order for you to not fall for a scam. To help you find a reliable source we have put the links of a few organizations who are taking the donations and putting the money to good use.

• Red Cross Donation Page

  Clicking on this link takes you to the Red Cross donation form online, where you may choose how you would like your donation distributed.

• Google Disaster Relief Page

  You may also visit Google’s page to donate to other charities such as UNICEF and CARE.

• If you’d like a really simple way to donate, you may donate to the Red Cross via a text message. Just text the word “HAITI” to 90999 and $10 will be sent to Red Cross relief efforts.

UPDATE: USA Today has an article about the FBI fielding over 170 Haiti fund-raising scams recently. The FBI has a team of computer analysts and fraud investigators reviewing the scam complaints.

Windows 7, Microsoft’s newest operating system, is set for release on October 22nd, 2009, and we are proud to announce that StopSign® Internet Security is now compatible with Windows 7. (With a month to spare!) Our software development teams have been working overtime to ensure that our loyal customers who upgrade, or buy a new PC with Windows 7, can rest assured that they will be able to use StopSign immediately.