Your Check is In the Mail

The economic stimulus payments are starting to be sent. Email scams are frequent and it is worth reminding your customers of some facts. The IRS already has their information. There is no need to respond to any email requests for verification, or to direct deposit it versus sending a check. The IRS is using the same method of refunding for the stimulus payments as was selected by the taxpayer for any 2007 refund. If they opted for a check, a check will be sent to that address. If the taxpayer opted for direct deposit, that is where the stimulus payment will be sent.

Are your tellers and CSRs prepared to field your customers questions:

• Will the bank tell me the money is in my account?
  
• What if I have closed the account I had for my refund, but have a new account with you now?
  
• How much am I getting?
  
• When will my check be sent?
  

You should be prepared with resources and talk-offs for your staff.

Need to calculate your stimulus payment?
http://www.irs.gov/app/espc/

Want to know when payments are scheduled for delivery?
http://www.irs.gov/irs/article/0,,id=180250,00.html

Where the Phishing is Best

Symantec, the security software company, released its, "The State of Phishing" report. In February, the most popular of attacks were seeking money through fraudulent tax refunds.

Also of note, 84 percent of fraud activity was directed at the finance industry. Key targets were banking sites and e-commerce in general. 13 percent was targeted at information services where sending spam was the desired use of that information.

On a brighter note, the number of unique sites used for phishing fell 1.8 percent in February 2008 as compared to the month before.

You have an IRS refund, and someone wants it.

Even before the Economic Stimulus package was approved, scammers were sending emails wanting to verify consumers personal information to process their refunds. It is a scam and the emails are continuing to come.

The Federal Trade Commission has issued a warning to consumers advising them that the IRS and Social Security Administration do not collect refund or rebate information by telephone or email. This is a phishing attempt to get personal information over the phone or a phony website. This information could then be used to facilitate identity theft.

Urge your customers to keep their confidential information confidential. Consumers should not provide this information over the web and certainly not to someone who calls them. Even if the caller provides a number to call them back, consumers should verify that the number is correct. These scammers are known to provide fake call-back numbers that just ring in their offices, just like they'll provide false website addresses.

Watch Out for a Valentine's Day Storm

The FBI issued a warning that the Storm Virus may be attached to to St. Valentine's Day e-cards. The reader will have a link to click and that will take them to a malicious site where the virus can infect the readers computer.

If you are not expecting an e-card or don't know the sender, don't open the card.

The FBI asks that if you have received this, or a similar e-mail, please file a complaint at www.ic3.gov.

CAN SPAM Enforcement

You may not know the name Alan Ralsky or the names of the other ten defendants indicted with him, but there is a strong chance they know you...or at least your email address. Ralsky and ten others have been indicted in possibly the largest criminal spam and electronic fraud case in our history. They sent millions of spam messages every day including many of those pump and dump messages many of us received. This will represent enforcement of the CAN SPAM law as well as conspiracy, electronic mail fraud, mail fraud and wire fraud..

File Sharing Software - Tax Returns, Bank Statements and More

Gregory Kopiloff recently pleaded guilty to one count each of mail fraud, accessing a protected computer without authorization to further fraud, and aggravated identity theft. He was using file sharing programs like Limewire to commit identity theft. Individuals have been prosecuted for using these programs to share copyrighted music and movies in the past, but this was the first case, the Justice Department said, where they were used for identity theft.

Using the file sharing programs, Kopiloff accessed confidential computer files including tax returns, credit reports, bank statements and student financial aid applications. He also used old school methods to to gain this information including stealing mail and dumpster diving.

Kopiloff will be sentenced January 28 and faces 20 years imprisonment and a $250,000 fine for the mail fraud charge, five years imprisonment and a $250,000 fine for accessing a protected computer. Aggravated identity theft carries a two year sentence, which can be served consecutively with his other penalties.

Phishing in the Little Ponds

You might think that phishing only happens to the big nationwide and international banks where there is a big pool of users to increase the chances of getting results. Not always true.

Bank of the Cascades in Bend, OR has fallen victim to a phishing scam. Many of their customers are getting an offer to pay them $100 for clicking a survey link. In about ten days, early this month, 13 customers have fallen for this and provided confidential information to collect their money. The bank has replaced the $15,000 taken so far.

The bank has a warning on their homepage and a link to good information for internet banking customers so they can avoid a loss.

Are you prepared to react to a phishing attempt at your bank? What will you tell your customers, the press, post on your web site, and what information will you provide your CSRs to handle these issues? If you don't have a plan, there is no time like the present.