It’s tax filing season, and the Internal Revenue Service (IRS) and state tax agencies have issued warnings related to a recent increase in sophisticated phishing emails. The emails appear to come from the IRS and demand a payment or threaten to seize tax refunds as a result of non-payment.
What is phishing? Phishing is a tactic cyber criminals use to collect an individual’s online banking, credit card, or other identifying account information. Once received, the cyber criminals can use your information and make transactions as you.
The tax refund season is the time of year in which the majority of tax related scams occur and there is increased vulnerability. This year, the IRS has reported a 60% increase in phishing emails attempting to steal taxpayer funds and tax-related information.
Phishing emails can be hard to detect. Often, intimidation tactics and urgent requests are commonly used by cyber criminals. The emails sent in a phishing attempt will appear to come from a trusted source, using a spoofed or compromised email address. Phishing emails usually contain stolen logos and often include hyperlinks to malicious websites, or contain attachments that are embedded with malware or viruses.
Targeted tax time victims have reported that their emails contained the following:
- An email originating from IRS Online
- Contained an attachment titled “Tax Account Transcript”
- A subject line using the phrase “Tax Transcript”
In addition to email phishing scams, similar phone scams have also been reported. A common phishing phone attempt involved a caller claiming to be from the IRS and threatening victims with a lawsuit or arrest if a tax payment isn’t made immediately with a debit card.
To reduce your risk of falling victim to a phishing scam:
- Remember that the IRS will never initiate contact with taxpayers via email, text, or social media network to request personal or financial information.
- The IRS also will never call a taxpayer and threaten a lawsuit or arrest.
- Do not click on links or open email attachments from an unknown or suspicious source. Even if the email appears to be from someone you know, subtle variations will be present in the sender’s email address (for example: JohnSmith1@abc.com instead of JohnSmithI@abc.com).
- Another red flag for email recipients includes grammatical errors and spelling mistakes. Legitimate professional organizations and agencies typically do not contain such errors in their communications.
- For more information on preventing and reporting tax scams to the IRS, click here.
Article Source: CUNA Risk Alert, December 2018