by
Neal Fisch
in
attacks,
awareness,
counterfeit websites,
data security,
email,
faculty,
holiday scams,
passwords,
personal security,
phishing scams,
privacy,
security,
social networking,
staff,
students,
tips,
vishing
Just like clockwork it happens every year around April. No, I’m not talking about April Fool’s Day or the annual appearance of the Easter Bunny. I’m talking about IRS tax scams.
Every year during the months of February through April tax scammers focus their sights on us whether, at work or at home, and attempt to solicit us to offer up personally identifiable information (PII) such as social security numbers and/or birthdates, or attempt to convince us to send them money directly via credit card or wire transfer.
Some tax scams occur when fraudulent tax returns are filed in the target’s name while other variants occur when the malicious actors call the target and pretend to be Internal Revenue Service (IRS) agents. In addition, there are malicious actors who use the tax season to spread malware and phishing emails.
Of these various types of tax scams, in one type, a return is filed in the victim’s name include identity theft, identity fraud, and tax fraud. This scenario occurs when the malicious actor uses information about the tax filer such as their name, address, date of birth, and Social Security Number to file a false tax return as the target claiming as many deductions as they can to gain the largest refund amount.
In a second type of tax scam, the malicious actor contacts the target by phone and tries to convince the target to do something, such as immediately paying a fine or providing their financial information so a refund can be issued. In these instances, the malicious actor uses what they know about the victim, often information gained from a previously occurred data breach or social networking website, to convince the victim that the caller has access to the victim’s tax information. Frequently during these calls the caller will pretend to be an IRS agent.
In the third type of tax scam, malicious actors use tax related spam, phishing emails, and fraudulent websites to trick victims into providing login names, passwords, or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim’s computer.
Some things you should look out for:
- Look for “spoofed” (copied) websites that look like the official website but are not.
- Don’t be fooled by unsolicited calls. The IRS will never contact you by phone, email, text or social media, and the IRS will never demand an immediate payment or require you to use a specific payment method such as pre-loaded debit or credit cards, or wire transfers. They will never claim anything is “urgent” or due immediately, nor will they request payment over the phone.
- The IRS will not be hostile, insulting, or threatening, nor will they threaten to involve law enforcement in order to have you arrested or deported.
- Sometimes malicious actors change their Caller ID to say they are the IRS. If you’re not sure, ask for the agent’s name, hang up, and call the IRS (or your state tax agency) back using a phone number from their official website.
Recommendations
If you believe you are the victim of identity theft or identity fraud, there are a couple of steps you should take:
- File a report with your local law enforcement agency.
- File a report with the Federal Trade Commission (FTC) at www.identitytheft.gov.
- File a report with the three major credit bureaus and request a “fraud alert” for your account (Equifax – www.equifax.com, Experian – www.experian.com, TransUnion – www.transunion.com).
If you receive any spam or a phishing email about your taxes, do not click on the links or open any attachments, instead forward the email to phishing@irs.gov. Other tax scams or frauds can be reported according to the directions on these pages referenced below:
References: