Tax season is stressful enough without the threat of phony tax returns, stolen personal and financial data and phishing scams. Scammers know how to navigate the complexities of tax season and turn a profit. Here are some common scams to keep in mind this tax season.
Phishing and Other Ishing Scams: Imagine a freeform April Fool’s Day joke, the pantheon of ishings has no rules other than getting someone to take an action that gives a scammer what they need to commit fraud.
The first thing you need to know: It’s not limited to email:
- That said, email is the most common form of generic phishing. It looks something like this: Dear Taxpayer, tax professional, cardholder, policyholder, member, employee, etc, a horrible/miraculous thing has happened: click here Mr/Mrs/Ms Fomo. And with that, you’re toast.
- The more industrious scammer may do a little research (mostly on public-facing social media) and try a spearphishing approach, which is a targeted version of phishing. It might look like this: Dear Chris: You remember that purchase you made last month? Well, you really messed up this time. See attached.
- Your phone is not safe either. A vishing or phone-based scam might sound like this: Hi, Mr/Mrs/Ms! My name is Scammer and I work with the security department of your bank, the IRS, the Social Security Administration, the Jury Commission, Board of Elections. I just need to confirm the information we have for you on file.
- Finally, there’s smishing, or text-based phishing. This is a text from a company you may or may not do business with, generally telling you that an account has been frozen due to suspicious activity or an expired payment card. It includes a link that will ask for your personal information and/or payment information in order to resolve the issue.
Malware: There are nearly a billion different malware programs in circulation, and many are never more than a click or two away from your computer. Scammers can impersonate notifications from familiar tax software by companies such as TurboTax or H&R Block, release pirated versions of tax software that provide them with backdoor access, or embed malicious code in spreadsheets containing financial data.
Clone Websites: When malware-laden links are clicked you may land on a cloned website. These sites are very good, with authentic looking graphics, excellent grammar, no misspellings or anything else to indicate a problem. Sometimes you can tell something is amiss is by looking for misspellings in a URL address—but even that can be manipulated by using alternate alphabets. Criminals are now adept at securing domain names that seem legit and include security certificates, (i.e., HTTPS and a padlock).
Ransomware: Scammers may target time-sensitive files, freezing them until bitcoin is paid to thaw them. That is, if they can be thawed. Another version of bad: A ransom is paid, the files are released, but the data has also been stolen by the hackers who use the information to file false returns.
Fake IRS employees: A scammer may call you and threaten you with arrest for having failed to pay your taxes in a timely fashion. In many cases, you can tell it’s a scam because the caller demands payment with a retail gift card or a pre-paid payment card. (Yes, this really happens, and people fall for it all the time.)
Fake Social Security Administration agents: Similarly, scammers sometimes pose as SSA agents and call to inform you that they have to freeze accounts or suspend benefits due to criminal activity. Then they will let you know that this can be avoided. Just give them your sensitive personal information via phone or email and (bonus: your payment information) and the situation will be clarified.
Here are some basic strategies to protect yourself from getting scammed:
- Use 2-Factor Authentication whenever available
- Never click a link or open an attachment without independent confirmation of the sender, even if you think it’s legit.
- Never authenticate yourself to anyone who contacts you. Only provide sensitive information when you’re in control of the interaction (navigate to a site yourself, call the organization directly, never trust caller-ID).
Takeaways:
- Scammers use a wide variety of methods to steal your valuable personal information and target your tax refund. Any tax-related communication should be regarded as highly suspect.
- If you use a tax preparer, vet them thoroughly. Look for reviews and testimonials, make sure they have proper credentials and that they don’t make any suspicious or unlikely claims about being able to get faster or higher tax returns. Also make sure to ask how they protect your information.
- The IRS will never call you; they always communicate by mail. Anyone who calls you claiming to be a representative of the IRS is a scammer.
- Get a taxpayer PIN to protect your identity.