David Kirkpatrick

March 3, 2010

Dirty ISPs better watch out

A new ranking system from the Oak Ridge National Laboratory and Indiana University will ferret out providers run by cybercriminals.

From the link (goes to Oak Ridge National Laboratory story tips for March 2010):

Cybercrime—Exposing hackers . . .

Unscrupulous Internet service providers will have no place to hide because of a ranking system conceived by researchers at Oak Ridge National Laboratory and Indiana University. “Criminal enterprises have created entire Internet service providers dedicated to sending spam, phishing messages or spreading viruses,” said Craig Shue of ORNL’s Computational Sciences and Engineering Division. While some have been caught by the Federal Trade Commission or other Internet service providers unwilling to do business with them, many are able to escape detection. “These other Internet service providers have customers whose machines become infected and can be used to launch attacks or steal the customer’s data,” Shue said. This work, which creates a ranking system Shue likened to grading systems for comparing school districts, is funded in part by the National Science Foundation and Indiana University.

December 9, 2009

The sophistication of cybercrime

Filed under: Business, Media, Technology — Tags: , , , , , , — David Kirkpatrick @ 2:02 pm

It’s not about DDoS, phishing and Nigerian 419 scams any more. Now the main targets for these criminals are your data and social networking sites.

From the link:

What do phishing, instant messaging malware, DDoS attacks and 419 scams have in common? According to Cisco Systems, they’re all has-been cybercrimes that were supplanted by slicker, more menacing forms of cybercrime over the past year.In its 2009 Annual Security Report, due to be released Tuesday, Cisco says that the smart cyber-criminals are moving on.

“Social media and the data-theft Trojans are the things that are really in their ascent,” said Patrick Peterson, a Cisco researcher. “You can see them replacing a lot of the old-school things.”

Peterson is talking about attacks such as the Koobface worm, which spreads via Facebook and Twitter. Koobface asks victims to look at a fake YouTube video, which ultimately leads to a malicious download. Cisco estimates that Koobface has now infected more than 3 million computers, and security vendors such as Symantec expect social network attacks to be a major problem in 2010.

Another sneaky attack: the Zeus password-stealing Trojan. According to Cisco, Zeus variants infected almost 4 million computers in 2009. Eastern European gangs use Zeus to hack into bank accounts. They then use their networks of money mules to wire stolen funds out of the U.S. They have been linked to about $100 million in bank losses, some of which have been recovered, the U.S. Federal Bureau of Investigation said last month.

April 14, 2009

IRS list of “dirty dozen” tax scams

Filed under: Business, Politics — Tags: , , , , — David Kirkpatrick @ 2:00 pm

The release from the IRS:

Beware of IRS’ 2009 “Dirty Dozen” Tax Scams

 
IR-2009-41, April 13, 2009

Video: English     American Sign Language  Text
   
WASHINGTON — The Internal Revenue Service today issued its 2009 “dirty dozen” list of tax scams, including schemes involving phishing, hiding income offshore and false claims for refunds.

“Taxpayers should be wary of scams to avoid paying taxes that seem too good to be true, especially during these challenging economic times,” IRS Commissioner Doug Shulman said. “There is no secret trick that can eliminate a person’s tax obligations. People should be wary of anyone peddling any of these scams.”

Tax schemes are illegal and can lead to problems for both scam artists and taxpayers who risk significant penalties, interest and possible criminal prosecution.

The IRS urges taxpayers to avoid these common schemes:

Phishing

Phishing is a tactic used by Internet-based scam artists to trick unsuspecting victims into revealing personal or financial information. The criminals use the information to steal the victim’s identity, access bank accounts, run up credit card charges or apply for loans in the victim’s name.

Phishing scams often take the form of an e-mail that appears to come from a legitimate source, including the IRS. The IRS never initiates unsolicited e-mail contact with taxpayers about their tax issues. Taxpayers who receive unsolicited e-mails that claim to be from the IRS can forward the message to phishing@irs.gov. Further instructions are available at IRS.gov. To date, taxpayers have forwarded scam e-mails reflecting thousands of confirmed IRS phishing sites. If you believe you have been the target of an identity thief, information is available at IRS.gov.

Hiding Income Offshore

The IRS aggressively pursues taxpayers and promoters involved in abusive offshore transactions. Taxpayers have tried to avoid or evade U.S. income tax by hiding income in offshore banks, brokerage accounts or through other entities. Recently, the IRS provided guidance to auditors on how to deal with those hiding income offshore in undisclosed accounts. The IRS draws a clear line between taxpayers with offshore accounts who voluntarily come forward and those who fail to come forward.

Taxpayers also evade taxes by using offshore debit cards, credit cards, wire transfers, foreign trusts, employee-leasing schemes, private annuities or life insurance plans. The IRS has also identified abusive offshore schemes including those that involve use of electronic funds transfer and payment systems, offshore business merchant accounts and private banking relationships.

Filing False or Misleading Forms

The IRS is seeing scam artists file false or misleading returns to claim refunds that they are not entitled to. Frivolous information returns, such as Form 1099-Original Issue Discount (OID), claiming false withholding credits are used to legitimize erroneous refund claims. The new scam has evolved from an earlier phony argument that a “strawman” bank account has been created for each citizen. Under this scheme, taxpayers fabricate an information return, arguing they used their “strawman” account to pay for goods and services and falsely claim the corresponding amount as withholding as a way to seek a tax refund.

Abuse of Charitable Organizations and Deductions

The IRS continues to observe the misuse of tax-exempt organizations. Abuse includes arrangements to improperly shield income or assets from taxation and attempts by donors to maintain control over donated assets or income from donated property. The IRS also continues to investigate various schemes involving the donation of non-cash assets, including easements on property, closely-held corporate stock and real property. Often, the donations are highly overvalued or the organization receiving the donation promises that the donor can purchase the items back at a later date at a price the donor sets. The Pension Protection Act of 2006 imposed increased penalties for inaccurate appraisals and new definitions of qualified appraisals and qualified appraisers for taxpayers claiming charitable contributions.

Return Preparer Fraud

Dishonest return preparers can cause many headaches for taxpayers who fall victim to their ploys. Such preparers derive financial gain by skimming a portion of their clients’ refunds and charging inflated fees for return preparation services. They attract new clients by promising large refunds. Taxpayers should choose carefully when hiring a tax preparer. As the saying goes, if it sounds too good to be true, it probably is. No matter who prepares the return, the taxpayer is ultimately responsible for its accuracy. Since 2002, the courts have issued injunctions ordering dozens of individuals to cease preparing returns, and the Department of Justice has filed complaints against dozens of others, which are pending in court.

Frivolous Arguments

Promoters of frivolous schemes encourage people to make unreasonable and unfounded claims to avoid paying the taxes they owe. The IRS has a list of frivolous legal positions that taxpayers should stay away from. Taxpayers who file a tax return or make a submission based on one of the positions on the list are subject to a $5,000 penalty. More information is available on IRS.gov.

False Claims for Refund and Requests for Abatement

This scam involves a request for abatement of previously assessed tax using Form 843, Claim for Refund and Request for Abatement. Many individuals who try this have not previously filed tax returns. The tax they are trying to have abated has been assessed by the IRS through the Substitute for Return Program. The filer uses Form 843 to list reasons for the request. Often, one of the reasons given is “Failed to properly compute and/or calculate Section 83-Property Transferred in Connection with Performance of Service.”

Abusive Retirement Plans

The IRS continues to uncover abuses in retirement plan arrangements, including Roth Individual Retirement Arrangements (IRAs). The IRS is looking for transactions that taxpayers are using to avoid the limitations on contributions to IRAs as well as transactions that are not properly reported as early distributions. Taxpayers should be wary of advisers who encourage them to shift appreciated assets into IRAs or companies owned by their IRAs at less than fair market value to circumvent annual contribution limits. Other variations have included the use of limited liability companies to engage in activity which is considered prohibited.

Disguised Corporate Ownership

Some taxpayers form corporations and other entities in certain states for the primary purpose of disguising the ownership of a business or financial activity. Such entities can be used to facilitate underreporting of income, fictitious deductions, non-filing of tax returns, participating in listed transactions, money laundering, financial crimes, and even terrorist financing. The IRS is working with state authorities to identify these entities and to bring the owners of these entities into compliance.

Zero Wages

Filing a phony wage- or income-related information return to replace a legitimate information return has been used as an illegal method to lower the amount of taxes owed. Typically, a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 is used as a way to improperly reduce taxable income to zero. The taxpayer also may submit a statement rebutting wages and taxes reported by a payer to the IRS. Sometimes fraudsters even include an explanation on their Form 4852 that cites statutory language on the definition of wages or may include some reference to a paying company that refuses to issue a corrected Form W-2 for fear of IRS retaliation. Taxpayers should resist any temptation to participate in any of the variations of this scheme.

Misuse of Trusts

For years, unscrupulous promoters have urged taxpayers to transfer assets into trusts. While there are many legitimate, valid uses of trusts in tax and estate planning, some promoted transactions promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes. Such trusts rarely deliver the promised tax benefits and are being used primarily as a means to avoid income tax liability and hide assets from creditors, including the IRS.

The IRS has recently seen an increase in the improper use of private annuity trusts and foreign trusts to divert income and deduct personal expenses. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering into a trust arrangement.

Fuel Tax Credit Scams

The IRS is receiving claims for the fuel tax credit that are unreasonable. Some taxpayers, such as farmers who use fuel for off-highway business purposes, may be eligible for the fuel tax credit. But some individuals are claiming the tax credit for nontaxable uses of fuel when their occupation or income level makes the claim unreasonable. Fraud involving the fuel tax credit is considered a frivolous tax claim, potentially subjecting those who improperly claim the credit to a $5,000 penalty.

How to Report Suspected Tax Fraud Activity

Suspected tax fraud can be reported to the IRS using Form 3949-A, Information Referral. Form 3949-A is available for download from the IRS Web site at IRS.gov. The completed form or a letter detailing the alleged fraudulent activity should be addressed to the Internal Revenue Service, Fresno, CA 93888. The mailing should include specific information about who is being reported, the activity being reported, how the activity became known, when the alleged violation took place, the amount of money involved and any other information that might be helpful in an investigation. The person filing the report is not required to self-identify, although it is helpful to do so. The identity of the person filing the report can be kept confidential.

Whistleblowers also may provide allegations of fraud to the IRS and may be eligible for a reward by filing Form 211, Application for Award for Original Information, and following the procedures outlined in Notice 2008-4, Claims Submitted to the IRS Whistleblower Office under Section 7623.

January 23, 2009

Be on the lookout …

Filed under: Technology — Tags: , , , , — David Kirkpatrick @ 12:31 am

… for this new phishing attack. Sounds like it might catch the unwary.

From the link:

A vulnerability in major browsers recently discovered by Trusteer could make this trick much more dangerous, by allowing for “in-session phishing” and a more tailored attack. Using this new vulnerability, a phisher could detect, via the hacked site, when a user was already logged in to a banking website. The hacked site could then launch a pop-up warning the user that her session has timed out and asking her to reenter her login details. This approach would be less likely to raise a red flag, says Klein, since the pop-up does not appear completely out of the blue.

The core vulnerability discovered by the Israeli researchers is a Web browser flaw that lets the phisher see what other websites a person is visiting. Klein explains that a certain JavaScript function, commonly used by online retailers, financial institutions, and other sites, leaves a footprint revealing that the user is logged in to that site. Klein says that protections such as pop-up blockers wouldn’t necessarily derail the attack because the hacked site could itself be altered to seem like a request to log in again.