The Justice Department recently nabbed 21 scammers who defrauded at least 15,000 victims in the United States alone. Posing as IRS employees, the scammers extracted from their victims fake penalties, racking up big numbers. Millions of dollars changed hands between 2012 and 2016, and the personally identifiable information of more than 50,000 individuals was misused.
Unfortunately, that's the good news.
The bad news is that there are more scammers out there using similar methods that haven't been caught yet.
Here's how the phone scams work and how you can keep yourself and your business from getting got.
The Anatomy of the IRS Call Scam
One of the first rules of any successful scam or fraud is to pick the right target. In this version of the IRS scam, callers specifically targeted the elderly and immigrants, often using information gleaned by data brokers and sold on the open market. As we've seen many times at this point, personally identifiable information is all too easy to acquire, either through illicit means or through services that accumulate and sell consumer data legally.
Immigrants were typically threatened with deportation for non-payment, and the elderly were more often threatened with heavy and significant penalties. For both groups, payments were typically demanded in pre-paid bank cards or via wire transfers, both of which are near-impossible to recover once they've been sent off.
One of the reasons why the scam worked so well is that it preyed on basic emotion, in this case fear. The elderly are often financially vulnerable, which makes the specter of paying tens of thousands of dollars in fines enough to provoke a panic payment. Immigrants can be susceptible to threats of getting kicked out of the country or reported to ICE.
Slamming and Cramming
This particular scam has been around in one form or another since at least the mid-80s. There are a few variations, but the primary goal is to add bills and charges onto the victim's phone service.
The term slamming originally came about following the deregulation of phone companies, when customers would find their long distance carriers changed without their notice or consent, and has since made the jump to mobile with "cramming," where cell phone owners get stuck with the bill for unwanted services from third parties.
Cramming has gotten increasingly problematic as more people have adopted cell phones and have been getting add-on services. Texting to donate to charities and campaigns, and adding on extra services like premium ringtones have made it relatively easy for scammers to fly beneath the radar and add charges to users' phones to which they hadn't provided consent, intentionally or otherwise.
The FTC is currently reviewing protections for both cramming and scamming, but the best protections for businesses and individuals alike is to block any third-party billing on landlines and mobile phones, and block out any additional services for businesses including 900 numbers and collect calls, And most importantly, review any and all charges from phone companies--you may find a few surprises on there.
Smishing is a new update on the tried-and-true phone scam, where instead of receiving a phone call, you receive a text telling you about an issue with your account, and directing you to either reply to the text, or follow a link through to go to a website. While the method isn't very different from the classic phone scam, it can open up the target to a broader set of consequences than being conned out of money.
What's at issue here: You're first giving the scammer confirmation that you have an active cell number, are a willing recipient of texts, and are willing to click on whatever's being sent. By clicking on a link coming through to your phone, you're opening yourself up to phishing attacks, downloading malicious software, and potentially compromising privileged personal or business-based information.
How These Scams Could Affect Your Business:
Scams affect the entire family. The aftermath can be costly and time-consuming. By constantly educating your employees about dangers that could affect their entire family, you may save both them and yourself from the inconvenience and loss of time associated with a successful scam.
What to do:
Always keep a calm head when you receive a threatening-sounding call. The IRS mails bills and notifications first and doesn't use immigration-based threats as a means of collection. Anytime you receive a call (tax-related or otherwise) that seems especially ominous or threatening, remember that a scammer's first priority is to make sure you're not thinking clearly.
Never give out a personal cell number.
Don't install dodgy apps
Don't sign up for text notifications from businesses you don't know and trust
Block texts from numbers you don't know.
Practice the Three Ms
1. Minimize your exposure. Don't authenticate yourself to anyone unless you are in control of the interaction, don't overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit.
2. Monitor your accounts. Check your credit report religiously, keep track of your credit score, review major accounts daily if possible. (You can check two of your credit scores for free every month on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit and identity monitoring program.
3. Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises--oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.