Tax season ushers in not only towering stacks of paperwork but also a surge of tax-related scams and threats. While taxpayers have until April 18 — still two months away — to submit their tax returns, the Internal Revenue Service (IRS) has already observed a “dramatic” quadrupling of tax-related phishing and malware attacks compared with last year.
Fraudsters commonly use email, SMS text messages and phone calls to lure you into giving up sensitive financial information. This year, attacks are directed not only at individual taxpayers but also at state revenue departments and tax professionals, from whom scammers want to extract login information to IRS services.
"This dramatic jump in these scams comes at the busiest time of tax season," said IRS Commissioner John Koskinen. "Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. We urge people not to click on these emails."
You can avoid becoming a target by spotting IRS scam emails before they can do any damage. First of all, scam emails are unsolicited. If you receive a message purporting to be from the IRS or a related agency, exercise caution. The IRS does not normally contact people via email, SMS or social networks to ask for financial or personal information.
Still, scam emails fool many people because the messages are cleverly dressed up to look credible. They appear to come from the IRS or other legitimate organizations such as tax software companies. According to the IRS, most scam emails include subject lines that ask you to take action on:
- Your tax refund
- Updating your filing details, including references to your W-2
- Confirming your personal information
- Getting your IP PIN
- Getting your E-file PIN
- Ordering a transcript
- Completing your tax return information
Phishing emails usually ask you to click an included link or URL. Don't fall for the trap. The links lead to bogus but legitimate-looking websites that often attempt to spoof the IRS’s own portal, www.irs.gov. Most sites then ask for your personal tax data, including refund information, filing status, transcripts, PINs and other information that thieves can use to file a tax return on your behalf without your permission. Other sites harbor malware such as keyloggers that monitor and log everything you type on your keyboard — usernames, passwords, messages and more — and send the logs back to the scammer.
If you receive an email that you suspect to be a scam, do not click any links. Instead, forward the email to firstname.lastname@example.org. Visit www.irs.gov/identitytheft for more information about protecting your data against identity theft.
[Image credit: Concept of hacking or phishing a login and password with malware program via Shutterstock]