It’s tax time. Which, also unfortunately means it is also tax scam time too.
David A. Tucker II, IRS Media Relations Representative, has some great tips on ways you can avoid becoming a tax scam victim, as well as resources if you find you’ve become a victim.
What are some current scams the IRS is seeing?
A sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be IRS employees, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a gift card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.
Some thieves have used video relay services (VRS) to try to scam deaf and hard of hearing individuals. Taxpayers are urged not trust calls just because they are made through VRS, as interpreters don’t screen calls for validity. For details see the IRS video: Tax Scams via Video Relay Service.
The most common way for cybercriminals to steal bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams that cost them their time and their money.
Those emails urgently warning users to update their online financial accounts – they’re fake. That email directing users to download a document from a cloud-storage provider? Fake. Those other emails suggesting the recipients have a $64 tax refund waiting at the IRS or that the IRS needs information about insurance policies – also fake. So are many new and evolving variations of these schemes.
What are some steps consumers can take to protect themselves?
Here are a few steps to take:
- Be vigilant; be skeptical. Never open a link or attachment from an unknown or suspicious source. Even if the email is from a known source, approach with caution. Cybercrooks are adept at mimicking trusted businesses, friends and family. Thieves may have compromised a friend’s email address or they may be spoofing the address with a slight change in text, such as email@example.com vs firstname.lastname@example.org. In the latter, merely changing the “m” to an “r” and “n” can trick people.
- Remember, the IRS doesn’t initiate spontaneous contact with taxpayers by email to request personal or financial information. This includes text messages and social media channels. The IRS does not call taxpayers with threats of lawsuits or arrests. No legitimate business or organization will ask for sensitive financial information via email. When in doubt, don’t use hyperlinks and go directly to the source’s main web page.
- Use security software to protect against malware and viruses. Some security software can help identity suspicious websites that are used by cybercriminals.
- Use strong passwords to protect online accounts. Each account should have a unique password. Use a password manager if necessary. Criminals count on people using the same password repeatedly, giving crooks access to multiple accounts if they steal a password. Experts recommend a password have a minimum of 10 digits, including letters, numbers and special characters. Longer is better.
- Use multi-factor authentication when offered. Some online financial institutions, email providers and social media sites offer multi-factor protection for customers. Two-factor authentication means that in addition to entering your username and password, you must enter a security code generally sent as a text to your mobile phone. Even if a thief manages to steal usernames and passwords, it’s unlikely the crook would also have a victim’s phone.
Are there good resources available to help keep yourself aware of current scams?
https://www.irs.gov/newsroom/tax-scams-consumer-alerts is a good resource, as is the Federal Trade Commission website, www.ftc.gov.
If you do fall victim to a scam, what steps should you take?
If you are a victim of identity theft, the Federal Trade Commission recommends these steps:
- File a complaint with the FTC at identitytheft.gov.
- Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
- Contact your financial institutions, and close any financial or credit accounts opened without your permission or tampered with by identity thieves.
If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:
- Respond immediately to any IRS notice; call the number provided.
- Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use a fillable form at IRS.gov, print, then attach the form to your return and mail according to instructions.
If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 1-800-908-4490. We have teams available to assist.
Any additional info you think is helpful for consumers?
I would also say that prevention is the key to not becoming a victim. Here are some ways to reduce the risk:
- Always use security software with firewall and anti-virus protections. Use strong passwords.
- Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card companies and even the IRS.
- Do not click on links or download attachments from unknown or suspicious emails.
- Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.
See Publication 4524, Security Awareness for Taxpayers, to learn more.
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Report suspicious online or emailed phishing scams to: email@example.com. For phishing scams by phone, fax or mail, call 1-800-366-4484. Report IRS impersonation scams to the Treasury Inspector General for Tax Administration’s IRS Impersonation Scams Reporting.
David has been with the IRS since 2010 and is the Media Relations Representative for the states of Alaska, Hawaii, Oregon, Washington and Northern California.