FBI/IRS scam23 Jan 2017
TLDR/PSA: there’s a well-executed scam involving phone number fraud. Caller IDs are not a safe method of verifying someone’s identity (even if you find their number on the official website!).
Just a quick recap of a scam attempted on me today, which I thought was interesting and well done. I didn’t realize the lack of security around phone numbers and how easily they’re spoofed.
Today around noon, I received a phone call with the Caller ID “Federal Bureau of Investigation” (number: 302-658-4391, the correct number for the FBI office in Wilmington, Delaware). An “agent” claimed that I (they specifically said Yixin Lin from Duke University) had an ongoing case against me for failing to turn in Form 8863 (an educational credit IRS form), and the tax plus penalties totaled $3950; I had a choice between resolving this or being arrested/having the case being pressed against me. They were very insistent on me staying on the line (“hanging up will be seen as an attempt to evade the FBI”), and I was supposed to go acquire some official forms from a nearby store that will be shipped to the IRS in order to resolve this matter.
I checked the caller ID, which was certainly linked to the FBI (appeared on a Department of Justice website, for instance, and later found out was the actual number for the FBI office). Furthermore, another person also called me demanding the same thing but claiming to be local police– but they called from an emergency line which was unblockable according to my phone. Both of these pointed to legitimacy, as I didn’t realize they could be spoofed (especially the emergency number which overrides blocking). On the other hand, this seemed like a very strange way to pay back the IRS. Also, every “agent” I was forwarded to had a slight Middle Eastern or South Asian accent (in the moment, I tried to be liberal minded about the possibility of FBI hiring practices, but I should have just taken the hint).
Interestingly enough, they directed me to Target to obtain these forms; once there, they told me to buy $3950 in Target gift cards. At that point I realized the whole thing was too ridiculous even if they did have legitimate phone numbers, demanded some proof which clearly wasn’t forthcoming (they kept referring back to the caller ID information, which is apparently their competitive advantage as far as scams go), and they hanged up. I was gullible enough to Uber to Target (kind of hilarious in hindsight!), but learned something new about spoofing phone numbers), and now hopefully you won’t fall for it.