Watch Out for Fake Tax 'Rebate' Sites
It's not exactly tax-filing time in the United States, but that doesn't mean online scammers aren't out to capture the money owed to you by Uncle Sam.
A scam Web site spotted recently by Security Fix is one of a steady stream of sites experts say surface year-round aiming to intercept tax refunds, fleece filers of their personal and financial details, and potentially expose e-filers to a later audit by the Internal Revenue Service.
This latest scam page, Rebate4File.com, is one such example. While the typical mid-April deadline for filing federal income taxes is long gone, this one may have surfaced due to the fact that Oct. 15 is a deadline for submitting tax returns for people who have filed for an extension.
This site, erected on Aug. 4, according to Web site domain records, represents one of two main IRS tax scams that we've seen over the years (the site is on a Web host that's home to two other recently registered sites, including "youbeenbanned.com"). While neither of these sites has yet been flagged by the anti-phishing toolbars built into the Internet Explorer 7 or Firefox Web browsers, I'd advise against visiting them for the time being.
The most common of these scams involves an unsolicited e-mail that notifies the recipient that he or she is due a refund from the federal government, and that all they need do to receive the money is supply a credit card number, which will allegedly be credited with the balance due.
The second, increasingly common scam employed by Rebate4File.com is far more nefarious. It involves Web sites that represent themselves as legitimate members of the IRS's sprawling "e-file" program, which allows third-party tax preparers to offer free online tax filing services to certain U.S. citizens.
Advertised via spam e-mail and by spam campaigns that boost the sites' rankings in search engine results, the scam sites look extremely legitimate. Scam sites like Rebate4File.com display seals designed to instill trust, such as the IRS's own "e-file" logo, along with another seal from TRUSTe, a Web site security and privacy accreditation group. (Neither of the logos is clickable on the fake site; on legitimate sites they would be, and would take a user to the required verification pages.)
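The seal check described above can be automated when triaging a suspect page. The following is an added example, not code from the original article; the issuer hostnames, seal keywords and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: keyword found in the image src/alt -> hosts allowed to verify that seal.
SEAL_VERIFIERS = {
    "truste": {"truste.org", "www.truste.org"},
    "efile": {"irs.gov", "www.irs.gov"},
}

class SealAuditor(HTMLParser):
    """Records each trust-seal image and whether it links to its issuer."""
    def __init__(self):
        super().__init__()
        self.link_stack = []  # href of every <a> currently open
        self.findings = []    # (seal, status, href)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.link_stack.append(a.get("href") or "")
        elif tag == "img":
            text = f"{a.get('src') or ''} {a.get('alt') or ''}".lower().replace("-", "")
            href = self.link_stack[-1] if self.link_stack else None
            for seal, hosts in SEAL_VERIFIERS.items():
                if seal in text:
                    self.findings.append((seal, self._status(href, hosts), href))

    def handle_endtag(self, tag):
        if tag == "a" and self.link_stack:
            self.link_stack.pop()

    @staticmethod
    def _status(href, hosts):
        if not href:
            return "not-clickable"
        url = urlparse(href)
        # Exact host match, so issuer.org.attacker.example does not pass.
        if url.scheme in ("http", "https") and (url.hostname or "").lower() in hosts:
            return "links-to-issuer"
        return "links-elsewhere"

def audit_seals(html):
    auditor = SealAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample markup (not captured from any real site).
FAKE = '<div><img src="/img/irs-efile.gif" alt="IRS e-file"><img src="/img/truste_seal.gif"></div>'
LEGIT = '<a href="https://www.truste.org/verify?id=EXAMPLE"><img src="truste_seal.gif" alt="TRUSTe"></a>'
SPOOF = '<a href="http://truste.org.example.net/ok"><img src="truste.gif"></a>'
```

A "links-to-issuer" result only means the seal is clickable; the issuer's verification page still has to name the site being visited.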
If you agree to file your taxes at a site like Rebate4File.com, the site may in fact go ahead and file your taxes with one of the legitimate, free e-filing companies approved by the IRS. The catch is that alongside your personal and financial data, the scammers direct any refunds to bank accounts that they control. So, if you are indeed due a refund, the money gets sent to the scammers' account, not yours.
What's more, the thieves now have every bit of data they'd need about you and/or your family to open new accounts in your name and conduct all manner of identity theft. Worse still, as far as the IRS is concerned, victims may still owe money to the federal government, potentially exposing them to future audits by the IRS.
Due in part to a spike in the number of such scam e-file sites, the IRS recently issued new guidelines for participating e-file companies that would allow the government to quickly distinguish between approved and non-approved e-file vendors. The deadline for the submission of information required to become a certified e-file Web site is tomorrow.
(Note also this variation on the IRS e-mail scam.)
By Brian Krebs | August 8, 2007; 8:51 AM ET
Two corrections:
(1) There is no such August 15th extension date that I am aware of. Automatic extensions are six months -- to October 15.
(2) You linked to irs.COM instead of irs.GOV ! Oopsie!
The proper link to the notice about extensions is:
http://www.irs.gov/newsroom/article/0,,id=169406,00.html
Posted by: Edgar Dworsky | August 8, 2007 9:33 AM
Edgar,
Thanks for pointing out the .com "oops." Aug. 15 is one of the e-file deadlines set by the IRS. See:
IRS E-filing Deadline: Midnight Eastern Time, Wednesday, August 15, 2007
http://efile.form990.org/frmefilingdeadline.asp
But alas, that is for certain nonprofits only, not consumers. I have modified the text above to reflect the Oct. 15 deadline.
Posted by: Bk | August 8, 2007 9:44 AM
Have tried both sites. Netcraft flags 'red'= new site (in Denmark?). PhishTank gives 'no comment' and McAfee SiteAdvisor states 'not tested yet'.
So far I received no unsolicited e-mails 'cause I have permanently switched off the acceptance of cookies in my FF 2.0.0.6.
Brian, keep up the good work. Your blog has saved me from a lot of trouble since May 2006. Thanks!!
Posted by: KarelJan, Amsterdam | August 8, 2007 1:14 PM
Looking at the domain registration whois info, my guess is the domain was registered using the identity and credit card of an ID theft victim. The practice is becoming more common all the time.
I see the site has been suspended -- that's good.
Posted by: Suzi | August 8, 2007 7:49 PM
Did not fall for the IRS scam telling me that I was due a $108 refund. Instead I reported the fraudulent letter not only to the fraud line online but also took the time on the telephone (took about 40 minutes) to get to a "live IRS person" who gave me an 800 number to which the letter was directly transferred while I was talking to him.
Posted by: Sue | August 13, 2007 12:17 PM
The comments to this entry are closed.