Don’t Get Hooked by Phishing
No doubt about it, the idea that there are hordes of scammers out there trying to purloin the personal information belonging to you – and your clients – is the new normal. And while reports of the newest tax scam are a pretty regular occurrence these days, it doesn’t have to be that way.
A lot of the income tax scams these days use a technique called “phishing” to fool you into giving Social Security numbers, passwords and more to the bad guys. Phishing can use a bogus website that looks legitimate, a phone call from someone who sounds official, or some other communication that appears to be from the IRS or another official agency.
So, how do we know it’s a scam?
In order to ask (or in some cases, to demand) taxpayers to furnish their personal information, every phishing scam displays behavior the IRS would never use. Know when that line’s been crossed, and you know you’re dealing with a scam. So here are some of the tactics that should set those alarm bells ringing.
Scams Aimed at Professionals
The Scam: A bogus email asks tax professionals to update their IRS e-services portal information and Electronic Filing Identification Numbers (EFINs) by clicking a link in the email. The links provided, however, are an attempt to capture the recipient’s username and password. The email was not sent by the IRS.
A similar variant now being reported by tax pros involves an email that includes the direction to “update your IRS e-file immediately.” The email has a link to a bogus website that attempts to look like the real IRS.gov. Recipients get a hint the email is a scam because it mentions IRSgov (the real website has a dot between “IRS” and “gov”).
The Give-Away: If the IRS did need you to update your e-services information, you’d get a letter by U.S. Postal Service asking you to revisit your account settings and change the information in your setup. Never click on strange links from emails you didn’t initiate. Call the IRS E-File Help Desk at 866-255-0654 if you have questions about any request for your account information. Also, check out IR-2015-31 for more information on phishing scams in general.
Scams Aimed at Taxpayers
The Scam: One of the newest email scams appears to be from the Taxpayer Advocacy Panel (TAP) about an income tax refund. The TAP is a volunteer board that advises the IRS about issues affecting taxpayers. But it didn’t send the email. The bogus email tries to trick taxpayers into furnishing personal and financial information.
The Give-Away: The Taxpayer Advocacy Panel has nothing to do with individual tax returns or refunds. The TAP deals only with large-scale systemic issues facing taxpayers. The Panel does not have access to any taxpayer’s personal information and will never ask for it. Instead of responding, forward the email to phishing@irs.gov and note that it appears to be a scam email phishing for your information.
The Scam: Other email phishing schemes share the same general methods of operation. They will appear to be from an official federal or state website such as IRS.gov or SSA.gov, but they may claim to be from the tax software industry. In all cases, the phishing emails seek to get the taxpayer to click on a link or to supply information related to refunds or filing status, ordering transcripts, verifying PINs, or confirming personal information.
The Give-Away: A federal agency will never initiate contact with a taxpayer via email. Both the Internal Revenue Service and the Social Security Administration will instead send a letter directing the taxpayer to call the standard official telephone numbers, or to sign in on the main websites. If a suspected scam email claims to be from a private company, DO NOT click the link in the email. The links will redirect the taxpayer to a bogus website that appears to be official and asks for Social Security numbers and other personal information. But the sites can also carry malware that can infect computers and allow scammers to track your keystrokes or access your files.
In 2016, the IRS has seen a 400-percent increase in phishing and malware incidents aimed at taxpayers – and now, tax professionals. For more information on the latest phishing scams, check out IR-2016-28.