Phishing is amongst the most popular and the most dangerous types of cybercrime that can cause major financial loss, among other things. And tax season is phishing season. The IRS and state tax agencies are warning taxpayers to stay alert of these scams that can take advantage by stealing valuable information. As everyone is gearing up for tax preparation, taxpayers are particularly vulnerable at this time of the year. Criminals would want to benefit from this situation. Thus, it is wise to be prepared.
How to identify a phishing attack?
To protect oneself from an attack, we must gain knowledge about the attacker and their methods. Let us learn about a few common phishing schemes and how you can spot them to avoid being scammed.
We are all aware of spam emails that reach our inbox. These are usually badly written, with a warning to scare you, asking about your bank account details, or a card payment failure. These emails contain a link or an attachment. They are sent in masses in the hope that someone will be naive enough to open them.
If the email is sent from a bogus/suspicious address and does not have your name on it, it is probably a phishing scam. Do not click on any links or download any attachments.
This can be referred to as a specific kind of phishing where a few details about the target is already known to the attacker. Here it is easier to trap the target and getting sensitive information out of them.
Do not open email attachments until they are from a trusted source. Better to be safe than becoming history.
These are more sophisticated attacks that mainly target the higher management of a company. They are subtle, and difficult to catch as criminals are trying to imitate members of the senior staff. The key here is to be aware and careful of the information being asked in an email.
Criminals value tax forms as they include every sensitive information that they could possibly need, including Social Security Numbers and bank details. Thus, check the authenticity before filling in your details. Even filling and then not submitting can compromise your data.
Vishing and Smishing
While the end goal remains the same, here the medium changes to the telephone. Vishing means fraud through calls and smishing involves text messages. The fraudster calls the target posing as an agent from the bank and informs the victim that their account has been compromised. The victim, if they believe it, goes into a panic mode and provides their details in the name of verification or to transfer money to a safer account. Unsuspecting individuals still get trapped in the act and lose their savings, which is why this scheme still makes the Dirty Dozen list of the IRS.
Never share your personal information via call or email. A bank agent will never ask you for sensitive details. Remember, if it sounds suspicious, it probably is.
Social Media Phishing
Social media has become a great tool for people to connect, but it also means your personal life is out there for the world to see. Criminals can very easily use the data posted on these sites and use it to their own benefit.
Thousands of Facebook users received notification of being mentioned in a post in 2016. This downloaded a Trojan in the browser when clicked. The compromised browser thus could be easily used by the hacker to steal information and spread the same infection through the user’s friends.
Warnings by the IRS
The tax season is the most wonderful time of the year for scammers. The IRS has warned taxpayers not to fall for these fraud activities pretending to be from the IRS. Always remain alert.
A stream of New Email Phishing Scams
Phishing tops the ‘Dirty Dozen’ list issued by the IRS on fraudulent activities. A 60% increase in the bogus emails with the aim of stealing money or tax data were noted in the year 2018. While there was a decline in the numbers for the previous years, this huge increase clearly shows that criminals are on the rise.
During this time of the year, emails containing malware with subject lines like “IRS Important Notice” or “IRS Taxpayer Notice” are sent by criminals demanding payment or threatening to seize tax refund. Do not respond to these emails or click on the links/attachments. Forward them to firstname.lastname@example.org and delete them.
Phone Scams are Still Popular
Callers posing as representatives of the IRS threaten to arrest the taxpayers until payment is made through a debit card or wire transfer. Mind you, these people are very clever. They can say that your warning letters were returned undelivered and create panic. They may know some of your personal information to prove that they are legitimate (which they are clearly not) and milk money out of innocent taxpayers.
In case this happens, remind yourself the following:
- The IRS never calls to demand payment over the phone.
- The IRS will never threaten to bring in local law enforcement immediately.
- They will never demand any amount without giving you an opportunity to appeal why.
- They never ask for a specific mode of payment, or for credit/debit card number over the phone.
Do not engage with such a caller. Do not give out any information. The best thing to do is just hang up. You can also contact Treasury Inspector General for Tax Administration to report the scam call by calling 1.800.366.4484 or by filling out the IRS Impersonation Scam Reporting form on their website.
There are various ways to safeguard your information and identity online. Watch this space for more articles on tax season, the IRS and security hacks.
Sagenext is a leading cloud hosting provider for tax and accounting applications. They are dedicated to empowering modern CPAs, accounting professionals, startups and SMBs by providing a comprehensive range of reliable, scalable, secure, and pocket-friendly cloud-based solutions.