Tax Scams and Identity Theft: What You Need to Know
Preventing Cyber Crime During Tax Time
It is that time again for tax season, which means it is also a great time for threat actors to target taxpayers and their data. Threat actors are after W-2 information and personally identifiable information such as Social Security numbers, dates of birth, bank account or credit card numbers, and drivers’ license numbers. With this information, threat actors can file fraudulent tax returns to collect refund money and engage in other identity theft schemes. According to the IRS, tax-related scams meant to steal data or money via social engineering tactics increased 60 percent between 2017 and 2018; therefore, heading into the 2019 tax season, taxpayers are highly advised to maintain awareness of common tax scams and follow best practices protect themselves and their data.
Some of the most prevalent tax scams include:
Phone Scams: These are unsolicited phone calls from scam artists claiming to be IRS agents. They accuse their victims of owing back taxes and attempt to scare them into sending money in order to pay the fake bill. These scammers may even leave urgent-sounding voicemails with a callback number if the potential victim does not answer the phone. They also employ call spoofing technology to make it appear that the call originated from the IRS.
Email Scams: Phishing emails appearing to come from the IRS attempt to lure potential victims into opening malicious attachments, clicking on malicious links, or sending personal information or money to scammers. Scammers are also targeting people who use tax preparation software by emailing malware-infected attachments disguised as tax software updates or account alerts to try to gain access to victims’ tax files or login credentials.
Website Spoofing: Some scammers will go as far as spoofing a web address and creating a fraudulent website designed to look like a legitimate IRS or tax preparation company’s site in an attempt to fool their victims.
To see a full list of currently circulating IRS tax scams, be sure to read the IRS’s “Dirty Dozen” tax scam list for 2018.
Taxpayers are highly advised to follow the below tips to reduce victimization:
Protect Personal Information
Be mindful of what is shared online and on social media websites.
Use strong and long passwords and enable multi-factor authentication where available.
Use unique passwords for each account.
Safeguard electronic files through encryption where available.
Properly dispose of electronic devices that are no longer in use.
Do not provide financial information over the phone to someone claiming to be the IRS. If taxes are owed, the IRS will send a bill in the mail.
Keep Your Device Secure
Keep computer and mobile device software, including security software, web browsers, and operating systems updated.
Use a firewall, virus and malware protection, and file encryption where available.
Refrain from connecting to public wireless networks, unless used in conjunction with a virtual private network (VPN).
Avoid Phishing and Malware
Refrain from opening emails, attachments, and/or links from unexpected and untrusted sources.
Exercise caution when opening and responding to emails from known senders and verify the sender via another means of communication before taking any action.
Only download and install software from known and trusted websites.
The IRS highlighted their “Dirty Dozen” tax scam list for 2018 to include tactics such as phishing, phone scams, identity theft, return preparer fraud, fake charities, and inflated refund claims. The slogans “think before you act” and “when in doubt, throw it out” are quick and easy reminders for taxpayers to remain alert and vigilant not just during tax season, but throughout the year.
The NJCCIC encourages everyone to visit the following resources for more information:
Internal Revenue Service (IRS) Identity Theft Protection and IRS Tax Scams/Consumer Alerts
Identity Theft Resource Center (IRTC)
Federal Trade Commission (FTC) and FTC Consumer Information
National Cyber Security Alliance (NCSA) StaySafeOnline