For those residing in the United States, everyone’s favorite time of the year (tax season) is here! While most people are looking forward to potentially getting back some of their hard earned tax dollars, cyber criminals are gearing up for a massive pay day as well. Tax season is the equivalent of playing in the SuperBowl for criminals as they’re able to garner a huge return on their scamming investments by luring unsuspecting victims into their web of cons, tricks, and deceit. We’ll be providing information security related tax tips during the month of February in an effort to help make the world a safer place. In this week’s article, we’ll highlight several scams that target taxpayers (Shout out to the National Cyber Security Alliance (NCSA) and the Identity Theft Resource Center (ITRC) for sharing your insight with us) and how to defend against them.
- IRS-IMPERSONATION PHONE SCAMS
Callers claiming to be IRS employees – using fake names and phony IRS ID numbers – may ring you and insist that you owe money and that it must be paid as soon as possible through a gift card or wire service. If the call is not picked up, the scammers often leave an emergency callback request message. The real IRS will not call you and demand immediate payment; in general, it will mail you a bill if you owe money.
- MARKED INCREASE IN PHISHING, EMAIL AND MALWARE SCHEMES
Cyber criminals will try to get you to do something so they can steal your personal information. Watch out for unsolicited emails, text messages, social media posts or fake websites that may prompt you to click on a link or to share valuable personal and financial information. Armed with this information, online thieves can pilfer funds and/or commit identity theft. Unfamiliar links or attachments can contain malware – viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent – which can infect your computer files if opened.
- FRAUDULENT TAX RETURNS
The FTC strongly recommends trying to file your tax return as soon as possible. The IRS only accepts one tax return per Social Security number. If the file is yours and it’s in early, it becomes impossible for a fraudster to submit another return with your personal information. It’s also important to always use smart practices with your personal information. Remember to only share your Social Security number when it’s absolutely necessary. Check your credit report regularly for shady activity, and never throw papers with critical information – like your Social Security number or bank account information – in the trash. It’s best to shred all paper containing personal data.
- TAX PREPARER FRAUD
The overwhelming majority of tax preparers provide honest services, but some unsavory individuals may target unsuspecting taxpayers and the result can be refund fraud and/or identity theft. The IRS reminds anyone filing a tax return that their preparer must sign it with their IRS preparer identification number.
So how can we secure our finances now that we know some of methods used by scammers? For starters, one should always:
- KEEP ALL MACHINES CLEAN
Updating the software on your devices that connect to the internet is critical and many of these updates include security enhancements that prevent attackers from exploiting hardware and software vulnerabilities.
- LOCK DOWN YOUR LOGIN
One cannot compromise, view, or use your data for identity theft and fraud if they can’t access it. Leveraging Two Factor Authentication (2FA) via bio metric data, hardware/software tokens like Google Authenticator and Duo, and even SMS one time passwords significantly increases your account security and adds an additional layer of complexity that an attacker needs to overcome to access your account.
- THINK BEFORE YOU ACT
A scammer will often times try to short circuit your critical thinking capabilities by telling you that their request is urgent and needs to be completed NOW! By getting you to act immediately, the scammer is more likely to succeed in their efforts as you’re less likely to question and or evaluate their request. Slow down, take a breath, and think about what the individual is asking you to do. If something doesn’t feel right, simply hang up if the scammer called you or stop responding to their emails if communicating online and call the IRS (1-800-829-1040) to verify the requested act.
- CLICK WITH CAUTION
Malicious links are the go to approach that scammers will use when communicating with you online to get you to hand over sensitive information. Always verify that the link in the email is the actual link to the intended website. This can be done by hovering over the link and inspecting the full url, copy and pasting the link into your favorite search engine or URL checker such as VirusTotal, or simply going directly to the website in question to verify if you truly need to take action on a request.
We hope you found the provided tips and tricks to stay safe and secure this tax season useful and don’t hesitate to contact us if you have any information security related questions!