Protecting yourself and your data during tax season!
May 17th is this year’s tax filing day in the United States. Many Americans are preparing to file their taxes online, while many cybercriminals are preparing tax scams.
How to protect your personal information during tax season
The Treasury Inspector General for Tax Administration reports that more than 2.4 million Americans have fallen victim to scams via phone, physical mail and email. These targeted attacks can be very convincing. Don’t be fooled by criminals impersonating the IRS!
- The IRS will never email or text you
- What to do if you receive a suspicious phone call
- What to do if you receive an unsolicited fax
- The IRS maintains a list of IRS-related phishing schemes
- Help fight identity theft
- Keep your computer and mobile device secure by using a strong password, VPN and multi-factor identification. Be sure to set your phone for automatic updates. And never leave it lying around where someone can take it!
- Avoid phishing scams and malware by being careful about what emails and texts you respond to. Be on the lookout for any emails with an “urgent” message that pressure you to respond immediately.
- Protect your tax return by using an identity protection PIN. An IP PIN is a six-digit code that prevents an identity thief from fraudulently filing your tax return. Learn more about this from http://www.irs.gov/ippin.
If you receive a text or email from someone claiming to be an IRS employee, don’t hit “reply.” The IRS will never text, email or reach out on social media to request any personal or financial information. That text is a scam!
If you receive a suspicious email, you can report it to firstname.lastname@example.org. If you receive an unsolicited SMS message, do not reply, do not click on any links and do not open any attachments. You can forward the text to 202-552-1226. (Standard text message rates do apply.)
There are many IRS scams involving phone calls. Some of these are robocalls, fake tech support and telemarketing calls. The IRS recommends installing call-blocking software on your device to screen out these fake calls.
While they do not endorse a specific product, they suggest that you check places like consumerreports.org for a list of available options.
There is a fax scam that involves a fake Form W8-BEN. If you are a foreign citizen, please visit the FATCA home page.
Once you determine that it is not legitimate, report the incident to email@example.com (subject FAX)
Did you know that the IRS maintains a list of all reported phishing scams? The IRS alerts taxpayers to scams that use their logo, the IRS name, logo or website clones that try to steal assets or identities.
You can find the entire list here. Search the site using the term “phishing”.
One reason scammers use phishing bait is to steal unwary users' identities. Identity theft occurs when someone uses your personal information (such as your name, Social Security number or address) without your permission in order to commit crimes. You can help protect yourself from identity theft with a few precautions.
How to recognize a phishing scam
The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. Phishing emails use many different tactics to gain access to your email, bank account, identity number and other sensitive data.
- Offer something for free: Remember, nothing is free. Many times, scammers will tell you that you won a free iPad or phone, or offer a coupon for free items. Don’t take the bait!
- The email comes from someone you know: Phishing emails often emulate real companies like banks or retailers. Look for messages saying there are problems or issues, and look for generic greetings. Always be wary if the email prompts you to enter ANY information. Never enter any credentials or banking information into an unsolicited email! Always go to the official source by validating with a legitimate number or website (NOT the one listed in the email).
- The email pressures you to act immediately:Scammers use many psychological tactics to make you “act immediately!” They will also use threats to make you drop your guard. They might tell you that you are being sued, or that a relative is in jail and you must wire money to them now.
- They want you to click a link: Phishing emails usually want you to click a link or enter credentials. This should always be a red flag! Clicking links or downloading files can expose you to dangerous malware or ransomware. These emails may look like messages from a friend or coworker; a delivery notification; or a fake invoice. The possibilities are endless. Always think twice and validate before clicking a link or downloading a file.
- They capitalize on holidays or current events: Scammers are notorious for this type of phishing scam. They leverage events like Tax Day or holidays like Valentine’s Day or, more recently, COVID-19 testing and vaccine information. Always, always, always go to an official source and never respond to or click on any unsolicited email links!
APWG Phishing Activity Report for Q4 2020 released! (Access the full report here)
The Anti-Phishing Working Group (APWG) reports on phishing trends reported by its global partners. Companies can submit through the organization’s website (https://apwg.org) and by email (firstname.lastname@example.org). According to APWG:
- The number of phishing attacks observed by APWG doubled in 2020!
- Business email compromise scams are becoming more costly for the victims
- Financial institutions, webmail and SaaS site category, was the one most frequently victimized by phishing in Q4
- Phishers are using an array of deception techniques to fool users. These include domain names chosen to avoid detection, encryption designed to lull victims into a false sense of security and deceptive email addresses used to spoof trusted companies and business contacts.
Tuesday Training… "Creating Strong Passwords"
Anthony helps Harold create a new, strong password. Turns out what you really need is just a little more … creativity.