We’re in the midst of tax season, the ideal time for scam artists to pose as legitimate entities — such as the Internal Revenue Service (IRS), other government agencies, or financial institutions — in an attempt to defraud taxpayers. Fraudsters commonly use sophisticated phishing campaigns to lure taxpayers to malicious sites or entice them to activate malware in infected email attachments. To protect your sensitive data, credentials and payment information, it’s crucial to know the signs of a phishing attack, prepare for heightened risk this tax season, and remain vigilant year-round.
Know How to Spot a “Phish”
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust. A fraudster may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise and/or personal security.
Here are a few of the most common signs of phishing so that you can stay alert and help protect your financial information this tax season and beyond.
- The sender’s address looks off. If the sender’s email is formatted strangely, is unfamiliar to you or doesn’t match up with the organization the sender claims to be from, be cautious of the sender’s message.
- Numerous grammatical errors. If the message is riddled with errors for being a “professional” email, that’s another key indicator something is off and to be wary.
- Ties to a current event. This isn’t always the case, but oftentimes scammers use current events, such as tax season, as leverage for their messaging to make it more believable. Even if the messaging may be relevant, if you don’t recognize the sender or aren’t expecting the message, don’t engage.
- An urgent request. If the sender emphasizes an urgent request and a tight deadline is present — whether that’s responding within 24 or 48 hours or as quickly as possible — don’t buy it.
- Consequences to inaction. Bouncing off the previous sign, another red flag is the threat of consequences if you fail to do something, such as send money, click a link or provide private information. If an empty threat is in the email, that’s often a clear giveaway of a phishing attempt.
Understand How the IRS Communicates With Taxpayers
Another beneficial way to protect your private data this tax season is to know how the IRS communicates electronically with taxpayers. The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. The organization will also never request PIN numbers, passwords or similar access information for credit cards, banks or financial accounts. It’s also important to note that the official website of the IRS is irs.gov. If you receive an electronic communication asking you to visit a URL different from this, or requesting any type of financial information, it’s most likely a scam.
Take Action to Avoid Becoming a Victim
If you believe you may have revealed sensitive information about your organization, report it to the appropriate contacts within your company, such as network administrators or your IT support team. They can help be alert for any suspicious or unusual activity on your organization’s network.
If you think you may have revealed personal financial information to a potential scammer, be sure to contact your financial institution(s) immediately and watch out for any fraudulent charges to your financial accounts. You should also change your passwords for all financial-related accounts as soon as possible. If you used the same password for multiple accounts, make sure to use a unique password for each account (and never use the compromised password again).
Help the IRS Stop Tax Scams
To report tax-related scams, the IRS encourages taxpayers to use the following methods depending on how the scammer contacted you:
- Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to phishing@irs.gov, then delete the original email.
- Website: If you find a website that claims to be the IRS and suspect it’s fraudulent, send the URL of the suspicious site to phishing@irs.gov.
- Text message: If you receive a suspicious text message, don’t reply or click on attachments and/or links. Forward the text as-is to 7726 (SPAM) — standard text rates apply — then delete the original message (if you clicked on links in SMS and entered confidential information, visit the IRS’ identity protection page).
If you’re a victim of any of the above scams involving IRS impersonation, please report it to phishing@irs.gov and file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC) and the police.
At Creative Planning Business Services, we offer a wide range of cybersecurity services to help businesses keep their private information out of the hands of fraudsters. Schedule a meeting today to explore our service options and what we can do to help your business data remain secure.
