As the tax deadline approaches, scammers are working on new ways to steal consumer information. Primary targets are small CPA firms that advertise on platforms such as Yelp, Craigslist etc. I recently came close to becoming a victim of the data theft. I used caution throughout the process and realized that individual is a scam. Getting very close to be scammed, I am sharing my personal experience along with things to consider if you come across such a scam.
The Scam Story
On a Friday afternoon, I receive a message on my Yelp business account. The message was initiated by someone name Trent C. who was looking to file a corporate (1120) and a personal (1040) tax return. The individual asked for a quote and left his phone number to contact. See the following image of the original Yelp message:
I replied to the message with requested info and also texted the individual with the same info. The individual texted me back next day and asked for my email address, which I shared via text.
Two days later, I got an email asking me to click on a link for tax document. This was the first time when I felt something fishy. The scammer used an email address, which apparently belonged to a big law firm somewhere in CO. He used name of someone who had been employed by the law firm. Also used law firm address, web address and fax number. But used the phone number that was included in the Yelp message. See below for the image of the email:
To protect identity of the person and firm used in this scam, I have hidden some of the details. Another read flag in this email was the “reply to” address which was different from the address where email had appeared to be originated from:
Just out of curiosity I tried sending email out to the original email address and sure enough it bounced back as not delivered.
A few moments later, I get another email stating that documents have been sent and please check mailbox or junk mail. This time the originating email address was different from the above two email addresses. See below for the email screen shot:
After looking at the second email and the email address associated, scam was pretty much clear to me. To close the loop, I made a call to the number provided by scammer. Call went to voicemail with no voice message set.
Once confirmed we are dealing with a scammer here, I logged a complain on FBI website by utilizing the following link:
https://www.fbi.gov/scams-and-safety/on-the-internet
Summary of Red Flags
- Scammer’s reply to email address was different from one where the original email had appeared to be originated
- Reply to original email bounced back
- A follow-up email was sent which initiated from a totally different email address
- Scammer never answered the phone call
- Scammer tried to present him/her as a CFO of a big law firm; however, voicemail on the phone was not setup