Tax (fraud) season is here
Tax season is prime time for online scams. With the filing deadline just two months away, cyber criminals are hard at work now trying to steal people’s tax refunds, bank accounts and identities.
Last year, the IRS estimates it paid $5.8 billion in bogus refunds. The Federal Trade Commission recently announced that it tracked a nearly 50 percent increase in identity theft complaints in 2015, and by far the biggest contributor to that spike was tax refund fraud.
This year there’s a new attack in the form of an email campaign that delivers malware if you download a booby-trapped Word document. The subject line tends to be something like “URGENT 2015 Tax Return PIN.” Don’t open the document, or you will infect your computer.
Whether or not you’ve already filed your taxes this season, you can still be vulnerable to tax-related scams. Many schemes claim to have information about your refund or note a problem with your return.
Here are some of the most common email scams to watch out for:
- The email says the user is owed a refund and should forward a bank account number where the refund may be deposited. If the scammer gets your bank account information, a big withdrawal will be made from your account.
- The email contains enticing offers or refunds for participating in an “IRS Survey.” This fake survey is actually used to steal enough information to steal identities.
- The email threatens the user with fines or jail time for not making an immediate payment or responding to the email.
- The email includes a “helpful” downloadable document (e.g. “new changes in the tax law” or a tax calculator). In reality, the download is a malicious file intended to infect your computer.
How to avoid becoming a tax-scam victim
- Do not respond to email appearing to be from the IRS. The IRS does not request personal or financial information through email or social media. If you receive an unsolicited email claiming to be from the IRS, forward it to email@example.com.
- Do not respond to unsolicited email, and do not provide sensitive information via email. If the email appears to be from your employer, bank, etc., contact the entity directly using the contact information you have in your records. Do not open any attachments or click on links in unsolicited or suspicious email.
- Carefully select the tax sites you visit. Use caution when searching online for tax forms, advice on deductibles, tax preparers and other similar topics. Do not visit sites by clicking on a link sent in an email, found on someone's blog or in an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.
- Write out “Internal Revenue Service” rather than IRS on any check you write. “IRS” is too easy to manipulate into “MRS” or “TRS,” making it easy for scammers to cash the check.
- Secure your home computer. Make sure your computer has all operating system patches and software updates. Anti-virus and anti-spyware software should be installed, running and receiving automatic updates. (City equipment is managed by IT staff — ask the IT Service Desk if you have any questions or concerns about your City computer). Make sure you use a strong password and different passwords for each account.
- If you owe taxes, the IRS will mail you a bill before contacting you any other way. It will not email you first.
- The IRS will not be hostile, insulting or threatening. Nor will it threaten to involve law enforcement to have you arrested or deported.
Contact the IT Security Officer if you have a security-related question or suggestion or want to comment on this article.
Published Feb 23, 2016