
If a Caller Says, 'I Am with the IRS,' He's Not - adamnemecek
http://www.npr.org/blogs/thetwo-way/2015/04/03/397092679/if-a-caller-says-i-am-with-the-irs-hes-not
======
WalterBright
If the caller ID says "anonymous" or "unknown", I don't answer. I refuse to
talk to callers who won't identify themselves. That gets rid of most of them.
For the rest, if there are a few seconds of silence after I answer, it's a
robocaller and I hang up.

~~~
petercooper
I used to do the same, but then discovered my bank's fraud department comes up
as unknown.. ugh. Calling them back is far more annoying than just answering
all the calls.

~~~
igonvalue
How's this for annoying? I once received a call from a bank's (Citibank?)
fraud department, but wasn't sure it was really them or a scammer. I asked for
a callback number and then called the known number on the back of my card to
verify that the fraud department call was legitimate. The Citibank
representative said that they were unable to either confirm or deny that that
was a valid Citibank number.

~~~
ipsin
What worked well for me was to tell the caller that I wanted to call them back
for security reasons, and write down the number.

Searching for that phone number will (if it's legit) likely point to a contact
page on the bank's website.

~~~
igonvalue
In this case, a Google search didn't turn up any results on an official
website, but didn't turn up any any definitive proof that it was a scam
either.

------
fsk
My parents got one of these calls and it really made them panic. They're
getting older now.

They should put more enforcement effort into catching these people. You record
everyone's phone calls and you still can't catch people pretending to be IRS
agents?

~~~
ccvannorman
be careful what you wish for -- allowing use of nsa recorded phone
conversations for non-terrorist crimes means they set a precedent for using
those recordings against any citizen for any infraction, no matter how minor.
there is a good reason we DON'T accept the use of warrantlessly obtained phone
recordings in bulk (at least not yet).

~~~
saraid216
I always appreciate it when you guys are honest about your willingness to let
people get hurt for the sake of principle.

~~~
thaumasiotes
Think about the alternative. If you're not willing to let anyone get hurt for
the sake of principle, the _only_ principle you can ever hold is "don't ever
let anyone get hurt for any reason, no matter what". In the first place,
that's impossible. In the second, the more you attempt to force people not to
get hurt, the worse off you make everyone's lives. We can't all live shut in
padded rooms.

~~~
saraid216
Indeed. This is an excellent explanation of exactly how fundamentalism works:
everything must reduce and cohere down to a particular set of principles,
rather than reacting and adapting to reality with an understanding that the
present understanding of morality isn't fixed and is subject to change.

Once you pick a line in the sand you will not budge over, you have maimed your
capacity for reason. So yes, the only principle I could ever hold is an
impossible one. Fortunately, I do not hold it.

------
corysama
I was contacted by one of these scams recently. A quick Google for key terms
in the message (the "officer"'s name and the phone number) showed it to be a
scam that particularly enjoyed exploiting immigrants because they are very
likely to pay quickly to keep everything quiet. How they have been able to
operate such a scam for years without getting arrested is beyond me.

~~~
enraged_camel
>>How they have been able to operate such a scam for years without getting
arrested is beyond me.

Yep, I'm flabbergasted. Impersonating a federal officer is a felony, _and_ on
top of that, the IRS takes its shit seriously and hates getting screwed with.

~~~
esmi
I doubt they're in the US. voip and one compromised something with an ethernet
connection and a modem.

~~~
MichaelGG
It's that, plus it's not being investigated very seriously. I ran a VoIP
company, and supposed federal investigators wouldn't even go through the
hassle of getting s legal order for customer information.

It's the same for robodialling. The FCC or anyone could put a major crimp if
they wanted to, but no one really digs into complaints very much.

------
tempestn
Some of these scams can be extremely elaborate and sophisticated. Does anyone
remember this one, where the scammer already knows all your personal info,
tells you to call the number on the back of your card, and _when you do so_
you end up still talking to the scammer?
[http://www.theguardian.com/money/blog/2013/jul/29/courier-
sc...](http://www.theguardian.com/money/blog/2013/jul/29/courier-scam-lose-
money-bank-cards)

------
nlh
I'm not sure if their policy has changed recently, but at least as of a few
years ago, the IRS definitely did call you.

I got audited (joy!) and was notified by a relatively-friendly phone call by
the auditing agent.

Now, she was following up on a letter she'd sent first (to an old, invalid
address), to which I hadn't replied, so the "we contact you by mail" thing is
also correct. But at least in my case, they most definitely (and legitimately)
called.

~~~
AznHisoka
I'm curious - what happens after you get audited?

~~~
derekp7
In one case, I got an audit letter, said it was a random audit, and everything
checked out. A second time, I got a letter that I made an addition error (in
their favor), and ended up getting another couple hundred bucks back.

An audit can also result in them asking for a paper trail to back up what you
claimed. Keep in mind that many of the common items (interest earned, mortgage
interest paid, etc) are all filed with the IRS by third parties, via a 1099 or
1098 form. But for some other items that you can claim deductions on, such as
business expenses, you will need to provide them a copy of the receipts if
they ask. If you can't back it up, they adjust what you owe, and may apply
interest / penalties, which you will have to pay. If not, they can do things
like garnish wages, freeze bank accounts, etc. But that will come after a
court judgement typically.

Keep in mind that some of the items they will go after: If you turn in
expenses at work, and they reimburse you for that, the IRS may still require
you to retain the receipts to show that it is a valid business expense that
you got paid for -- otherwise they can consider that income and tax you on it.

------
phkahler
I honestly don't understand why caller ID can be spoofed or disabled by the
caller. The only things this enables are illegal and/or annoying. In this
case, one should be able to report the number to the authorities and they
should be able to identify fraudsters very quickly and put some people in
jail.

~~~
pandaman
There are legitimate uses for "spoofed" caller ID (it's not really spoofed,
it's whatever the call originator declared to be, you can originate calls
without ability to terminate them so a particular call may not have a "real"
originating phone number at all).

E.g. companies use their 800-number or some kind of central dispatch to ID all
their phones.

Google Voice has an option to show the original caller ID on forwarded calls
or your own Google Voice number, both seem to be more useful than an ID of
whatever box Google used to originate the call to you at the moment.

Basically the caller ID is as useful as the reply-to in e-mail: if you want to
get replies then you make sure you fill it with correct information but it's
not authenticating the sender by any means.

~~~
tjohns
Caller ID as a Reply-To header is a really good way to think about it.

It's worth noting that there is a more reliable piece of data for actually
identifying callers: the ANI field. It doesn't show up on caller ID, but if
you run your own PBX you might be able to log it. Its used for billing
purposes, so it's much harder to spoof.

If you own your own PBX, you can modify Caller ID, but you can't modify ANI.

More info:
[http://en.m.wikipedia.org/wiki/Automatic_number_identificati...](http://en.m.wikipedia.org/wiki/Automatic_number_identification)

~~~
Scoundreller
So if I make a call with an outgoing VoIP service and set my caller-id to a
particular number, what gets sent as the ANI?

The scammers are definitely using a VoIP service around here anyway...

Though my understanding is that ANI isn't blockable by the caller. So if you
have a toll-free number, you can see the calling number for callers that have
blocked their caller id.

------
jpmattia
I find it odd that the article did not comment on why the scam works: Many
folks have the perception is that the IRS is an unreasonable, strong-arming
organization.

(Not that I've had any large issues, but I've found the agents there to be
fairly reasonable for the small stuff I've dealt with.)

------
300bps
Since I signed up for the free (to consumers) www.nomorobo.com the scam calls
don't bother me anymore. They won an award from the FTC for innovative ways to
stop automated phone calls. You use your phone service's simultaneous ring
feature to ring your house and Nomorobo at the same time. If the call is from
a known scammer / automated dialer it picks up the call and immediately hangs
up. So your phone only rings once.

------
saurabhtandon
Recently my friend from work got a similar call which asked him to transfer
$5000 immediately or else he will get arrested for improper tax filing/tax
evasiongoo within 30 minutes!!! Being new to the US, he was scared and started
panicking. But people calmed him down and told him to ignore it. He might have
transferred the amount if he had no one to consult that day.

------
thesimon
Relevant:
[https://www.youtube.com/watch?v=ZSIO2z3qrwA](https://www.youtube.com/watch?v=ZSIO2z3qrwA)

Not surprising that they don't have any bad feelings about it.

------
gumby
Amusingly, I once got a call from the actual IRS -- and the caller asked for
my SSN before continuing! I declined to provide it, asked for his name, looked
up the IRS number in the phone book (this is how long ago it was), and
eventually got through to him. He did not seem at all upset or surprised by my
wanting to do so.

Turns out there was a similarly-named company not that far away from us, whose
CFO had the same last name as me. As soon as I called and gave my SSN he said,
wait, do you work for "Cygnus" and I said yes, but we figured what had gone
wrong out and he said, "sorry, never mind". Total time on the call: less than
60 seconds. Total time to get through to him? About 30 minutes.

Still, the commissioner's advice was essentially correct: I was surprised to
get the call because it wasn't for me. Was the IRS, but not a call for me.
Good thing I called back though!

------
choppaface
These scammers have been hitting me with a phone call per day for the past 3-4
months. They always use a different phone number, and only twice did they
leave voicemail (one was a recording, one was a bunch of guys chatting as if
they forgot to turn on the robot). The recording says something like "the IRS
is suing you."

For the numbers that weren't blocked, I tried checking them using Twilio's
Lookup service: [https://www.twilio.com/lookup](https://www.twilio.com/lookup)

While the numbers are often in my local area code, the Twilio API shows the
"Mobile {Network,Country} Code" is typically in South America or Eastern
Europe.

How did they get my phone number? I replied to a Craigslist ad a while back
that turned out to be a scam :( I wish there was a way to get rid of the calls
...

~~~
cmdrfred
Google voice my friend.

~~~
brightsize
Yep. I have two GV numbers and never give out my real number ever. If someone
legit wants to talk to me, they'll leave me a GV voicemail.

~~~
tracker1
One suggestion, I set my voicemail on my actual phone to the disconnect tones
followed by a very long random message... I use an mvno that doesn't let my
set conditional forwarding.

Love GV been using it for years.

------
sjg007
Someone should start an SSL verification service for official phone calls.

~~~
spacefight
Great idea - but with with what verification level? admin@domain.tld email
verification?

------
ChuckMcM
I got called once and said "Oh really? What office?" but they realized I
wasn't buying it and hung up.

These things are pervasive and they are annoying, they are also impossible to
prosecute in the "small" so I'm wondering if there is a case to be made for
user provided call tracing. Specifically, if you get a call, you can originate
from that same phone a request for trace which returns the origin point of
that call. These days with call setup being 100% digital the trace information
is available immediately (rather than after some fictional period of time with
an open line) so why not provide this as a service to phone subscribers? I'd
be willing to pay $10 whenever I triggered the service, and the data is out
there so its essentially "free money" for the phone company.

~~~
Hello71
[https://en.wikipedia.org/wiki/Malicious_caller_identificatio...](https://en.wikipedia.org/wiki/Malicious_caller_identification)

~~~
ChuckMcM
Which is tied to law enforcement involvement and is of no use in this case,
they won't follow up. I've tried. But if the phone company would send _me_
that information, I could use it to follow up with an investigation into who
these people are, where they live, how they get their money, who is complicit
in the money laundering, etc. And then either give that to the press, the
Internet, or the police depending on the desired effect.

------
Smoofer
Vaguely OT, but does anyone have good information regarding how to identify or
block scam/shady websites?

My grandfather tends to fall victim to these types of things - not even always
explicit scams like this, but believing hugely inaccurate political websites (
think Obama impeachment conspiracy type BS ), and buying into wonder-products
or just the general drivel you see in spammy ads on AOL.

I'm probably going to start by cleaning up his computer some and installing
Ad-Block, but most of the links to the websites are coming from his emails -
any advice from someone that have dealt with similar scenarios?

~~~
lucaspiller
Although it may seem a bit harsh, maybe it's better to just have a whitelist.
My dad started using a computer a few years ago and I've been worried about
the same as he gets older. The number of sites he browses is minimal though.
It's not as if he needs to go on a massive search to figure out the best
practices for X new technology and read a load of blogs.

------
fillskills
Our landline has been called by 1) IRS scammers 2)FBI scammers 3)Some fake
govt health organization suing my company for 40K!!

Funny story - So finally I told the fake health organization that if they were
genuine, they would send my company a letter and paper work. And voila, a few
weeks later we get paperwork with misspelled company name from those scammers!
I have to give them credit for trying!

------
Evolved
Maybe it's just me or maybe I have too much time on my hands but I really
enjoy messing with the scammers. This is most entertaining when done with
sound bites from movies.

Also, the IRS wants their money much much more than they want to send you to
jail so they'll work with you and be more than accommodating as long as it
means getting paid what their owed.

------
sneak
It's 2015. Every bank will communicate with me using TLS and email. Why the
hell won't the IRS?

It's insane, backward thinking.

------
nhebb
I've been getting a lot of the IRS and the "This is Windows calling" calls
recently. I usually tell them to fuck off, but once in a while I will string
them along. I figure my best revenge is to waste their time so they can't
spend it harassing someone else who doesn't know better.

~~~
backlava
And Bridget, et al, with cardholder services.

------
cheetos
Hypothetically speaking, how could one go about retaliating against this? If
one could identify the source numbers, could one set up a network of counter-
robodialers and effectively DDOS them?

~~~
cmdrfred
If you want to spend a couple bucks you can use Twilio's api to spam the hell
out of them.

~~~
taf2
don't to that please.

1\. you could get it wrong.

2\. that is not the intended use for an API like that.

3\. it would be better if you spent your time to report or collect information
to help law enforcement catch them.

It might be fun to use the API to hurt them but you're effectively stooping to
their level if you did... and in the process remember you're hurting twilio if
you do that.

------
37prime
My colleague has been getting these kind of calls at the office. The callers
do have heavy Indian accent.

It is amusing for us for any of these scammers to call any of our direct
extensions.

------
alok-g
>> Koskinen said. "Our way of contacting you is by letter."

Scammers cannot contact by letter purportedly?!

~~~
mpyne
I'm assuming the difficulty of finding a decades-old IBM Selectric to get the
authentic "government form letter" feel is what keeps the scammers out here.

~~~
rchowe
I would also assume that mail fraud is easier to investigate than telephone
fraud.

------
LoSboccacc
one of those link on that page should totally go to a page stating 'I just
told you to not fall for scam links and first thing you did was to click on a
random link on a random internet page! next time, know better not to!"

~~~
Potando
What's wrong with clicking on an unknown link? It can only hurt you by taking
advantage of an unpatched security bug in your software. But if you have that,
you might be vulnerable doing all sorts of other things on the internet. And
you probably do have that and are vulnerable doing all sorts of other things.
It's just not very likely to hurt you in either case.

~~~
LoSboccacc
It's about preemptively scaring people on how much is easy to have them do
this and that action when the communication looks legit

And following a link from a scam email has a greater risk of drive by
infection, since it is specifically crafted for that and has the user already
has convinced being legit: you have to take in account that once the seems
legit feeling is active escalating action gradually is likely to succeed.

It's about context and psychology. If one of those link from an officially
sounding page had a download this to check if you have been scammed a lot of
people would have done just that. In the same way you need to preemptively
scare them, so that the message of trust no one really comes across vivid

------
thrownaway2424
LOL, people still answer the phone.

~~~
prawn
This is flippant and not very HN, but I did upvote it. I get more nuisance and
spam calls than I get legitimate calls, and that's with getting on any do-not-
call register I can.

I pay $40-50/month for the privilege of getting mostly time-wasting phone
calls at my office and it's infuriating.

------
fma
I like how the title of the story implies that the scammers are all men, but
in the article the person who left the voicemail was actually a "stern woman".
Where is the PC police when you need it?

