IRS: Identity thieves are on the prowl
Identity theft can happen at any time of year, warns the Internal Revenue Service (IRS), but tax season sees a definite surge in attempts.
The IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators to combat identity theft refund fraud to protect the nation's taxpayers.
This Security Summit is offering tips and news to help taxpayers and tax professionals to take steps to protect themselves from identity thieves and cybercriminals.
Choose good information sources
One step taxpayers and tax preparers should take is to be leery of using search engines to find technical help with taxes or tax software. Clicking on a fraudulent tax preparation or tech support site could result in compromised information.
Taxpayers searching for paid tax professional for tax help can use the IRS Choosing a Tax Professional lookup tool or if taxpayers need free help they can review the Free Tax Return Preparation Programs. Taxpayers searching for tax software can use Free File, which offers 12 brand-name products for free, at www.irs.gov/freefile. Taxpayer or tax preparers looking for tech support for their software products should go directly to the provider’s web page.
Avoid scams and phishing
Aggressive and threatening phone calls, or emails that offer "too good to be true" bait, are two ways criminals target taxpayers throughout the year, though these crimes surge during tax season.
Here are some things the scammers often do but the IRS will not do. Any one of these five things is a tell-tale sign of a scam.
The IRS will never:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
- Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
- Demand that taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.
- Ask for credit or debit card numbers over the phone.
Criminals in a phishing scam pose as a person or organization the taxpayer trusts or recognizes. They may hack an email account and send mass emails under another person’s name. They may pose as a bank, credit card company, tax software provider or government agency. Criminals go to great lengths to create websites that appear legitimate but contain phony log-in pages.
These criminals hope victims will take the bait and provide money, passwords, Social Security numbers and other information that can lead to identity theft. The can also can infect a taxpayer’s computer with malware that can give the criminal access to the device, enabling them to access all sensitive files or track keyboard strokes, exposing login information.
A good general rule: Don’t give out personal information based on an unsolicited email request.
Here are a few basic tips to recognize and avoid a phishing e-mail:
- It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look similar to the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
- It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
- It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
- It’s an “off” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links.
- It has a lookalike URL. The questionable email may try to trick you with the URL. For example, instead of www.irs.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com. You can place your cursor over the text to view a pop-up of the real URL.
- Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.