WASHINGTON – With the approach of the holidays and the 2018 filing season, the IRS, state tax agencies and the nation’s tax industry urge people to be on the lookout for new, sophisticated email phishing scams that could endanger their personal information and next year’s tax refund.
The most common way for cybercriminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money.
Those emails urgently warning users to update their online financial accounts – they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies – also fake. So are many new and evolving variations of these schemes.
The Internal Revenue Service, state tax agencies and the tax community — partners in the Security Summit — are marking “National Tax Security Awareness Week” with a series of reminders to taxpayers and tax professionals. In part two, the topic is avoiding phishing scams.
Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust. A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data. The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails.
Not all phishing attempts are emails – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.
Phishing attacks, especially online phishing scams, are popular with criminals because there is no fool-proof technology to defend against them. Users are the main defense. When users see a phishing scam, they should ensure they don’t take the bait.
Here are a few steps to take:
The IRS, state tax agencies and the tax industry are working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more.