Don’t fall for “IRS” scams this tax season

Tax season means that more folks than the IRS are after your money.

IRS Tax Scams 2016

Of the two certainties in life – death and taxes – you could make a credible case that the former is actually less scary than the latter for most Americans. The Grim Reaper comes just once, but the Tax Man comes every year on April 15th.

As more and more American taxpayers file their taxes online and more online tax service providers emerge, it is not just the IRS they should be concerned about. Cybercriminals now see tax time as a prime time to make a quick buck from taxpayers often over-whelmed by the complexity of filing their taxes and sensitive to communication from the IRS.

But hey, don’t take our word for it; the IRS has said as much in a statement in 2015:

As part of the Security Summit initiative, the IRS has been working closely with the tax industry and state revenue departments to provide stronger protections against identity theft for taxpayers during the coming filing season. 

This year, the IRS expects to see 150 million returns filed from individuals with four of five being done electronically (software or e-filing). For cybercriminals, that is a treasure trove of sensitive personal identification and financial data being transmitted across the Web, and the number of scams popping up in 2016 is certain to grow.

In the Tweet above, our colleague Dmitry Bestuzhev from our GReAT team showcases a classic phishing scheme where cybercriminals pretend to be the IRS. Unfortunately, the IRS now needs a whole page dedicated to both online and offline sources of fraud. In fact, out of 10,000 scams tracked by the Better Business Bureau in 2015, nearly ¼ of the scams were related to taxes.

Aside from the example shown by Dmitry, there have been a few other scams that have already made headlines in 2016 about which you should really be aware.

Phone Extortion — since 2013, there have been over 900,000 phone calls to individuals noting that the IRS needed immediate payment or the recipient will face legal penalties or jail. Given the power of the IRS and the complexity of the tax code where mistakes can easily be made, concern about this type of communication from the real IRS makes these calls something to take seriously and not easy to dismiss. This fear is exactly what criminals hope to exploit.

Each year a variation of the scam pops up , and unfortunately, much like ransomware, some victims pay and give up their hard earned cash to these criminals.

Phishing emails — as noted in the Tweet above from Dmitry, these emails are already in the wild. So when you are looking at emails, be vigilant and look for clues that the email could be fraudulent When in doubt, call the IRS to ask about it’s validity.

False filings — as the regularity of data breaches where personal identification and financial data is exposed, the some cybercriminals have become creative in how they use it. Believe it or not, the IRS sees cases where legitimate tax returns are rejected because someone using the same Social Security number had already filed taxes (and pocketed the refund) .Taxpayers who fall victim to this scam are forced to go to great lengths to prove that they really were the victim since the computers see a valid SSN filing.

Great how do I stay safe???

The purpose of this post is not to scare you, but rather to educate you on some of the tactics that scammers use to steal from innocent people like you. The IRS is also quite aware of the risks and bad folks out there and have made stopping fraud part of their highest priority. They have already identified and stopped $8 billion dollars of fraudulent refund payments in the first 11 months of 2015.

Here are three tips to follow to help keep your cash safe:

Can you trust this?

You’ve no doubt heard the adage “trust but verify”, however in the age of cybercrime you need to turn that upside down to “verify then trust.”

A simple rule to follow when it comes to your finances is that if something seems off to question it.

You receive a call asking for money? Ask for names and if you can call back, then turn to Google to fact check. If you really owe money to the IRS, for example, it is almost certain that the communication will come by postal mail in order to include a payment form so any other method of contact should set off alarm bells. It is always OK to follow up with the IRS as they mention on their fact-checking site.

Identity and Credit Monitoring. There is no shortage of services out there that will help you proactively monitor your credit and identity. Some are included with credit card or banking accounts while others are sold by companies who specialize in this area. We suggest you look into these for protecting your identity beyond the basic cybersecurity hygiene of strong passwords and adjustments to privacy settings.

Dont give up your pertinent details. This kind of falls into the “Verify then trust” bucket, but is worth its own segment. Unless it is for a specific tax reason, you should not be giving your Social Security number out freely just because someone asks for it. Unless you can confirm that you are really chatting with an agent of the government for legitimate purposes, there is no need to hand it over.

I had a robo-call the other day come in to our home saying that we needed to leave our Social Security number on their automated system. After Googling, the name of firm did not match the name on VM so I left a number for them to call back asking what the hell they were looking for with their robot stuff.

That was over a week ago, and with no return call, it was almost certainly a scam. But if that tactic works for them one out of 1,000 times, it is worth it to them. If you have elderly relatives, I would advise you sharing this with them, as it could be quite scary to hear a call like this to someone who may not be as savvy in this area.

While these tips could help you, we do encourage you to stay vigilant as criminals don’t care about you and are always looking for ways to swindle money without working too hard for it. If you see any scams, feel free to drop them in the comments below.

Tips

Cybersecure Christmas

Many hacks have started during Christmas holidays. A few simple tips will reduce the chances of your company becoming the next victim.