Identity thieves are expanding their phishing repertoire from banks and credit card companies to federal agencies, reports the Associated Press
Masquerading as the Federal Trade Commission, the IRS and the Justice Department, criminals send out thousands of emails in order to trick customers into giving out personal financial information. These websites often include attachments that when opened install spyware that can capture personal information and send it to third parties over the Internet.
The Treasury Department said it had been deluged with over 23,000 complaints about IRS-related phishing scams since an investigative arm of the department began tracking them in November 2005.
The scams have been "unprecedented both in terms of sophistication and the volume of reports we have received," J. Russell George, Treasury inspector general for tax administration, said in a written statement.
A typical scam would inform the recipient that they have a tax refund, or that they are under investigation by the IRS, said Michelle Lamishaw, an IRS spokeswoman.
But federal agencies don't often contact people via email.
"We are the agency that brought you the Do Not Call Registry and CAN-SPAM," said Lois Greisman, associate director of the FTC's division of marketing practices, referring to a 2003 law restricting commercial spam. "We're not likely to send out unsolicited e-mails."
Despite this, consumers are still frequent victims of phishing scams. The number of phishing Web sites jumped to 37,438 in May. It's estimated that consumers lost $630 million to phishing scams during the last two years, but a recent report from the Government Accountability Office put the figure at $1 billion annually.
The sites are so convincing that despite efforts to educate the public, over 8.2 percent of online households have submitted personal information in response to fraudulent emails in the past two years.