Taxpayers have at least one piece of good news from the pandemic virus that is circling the globe – tax season is extended, allowing additional time for completing and paying 2019 taxes. On the downside, that means scammers that take every opportunity to separate citizens from their money have extra time to create and perpetuate their evil phishing email scams.
Email scams have become increasingly sophisticated in appearing to be from legitimate businesses or known contacts, making detection more difficult to the unsuspecting or untrained recipient.
3 Top Scams Now in Circulation
There are always countless methods and scams cyberthieves use to entice users to click links, open documents that contain malware, or provide personally identifiable information (PII). Tax season opens the doors for even more potential cases of fraud and identity theft attempts.
Social Security Number Scam
Taxpayers should be leery of any emailed attempt to request information related to PII such as social security numbers (SSN) or bank accounts. A new version of an SSN scam threatens to cancel the victim’s social security number, often under the guise of demanding payment for past due taxes (which of course the recipient does not owe).
Panic can set in quickly, which the scammer utilizes to provide immediate payment instructions – often by wire transfer to their accounts or via prepaid debit cards.
IRS Impersonation Scam
Tax preparers and individuals are being warned of another current tax scam spreading by email. Imposters presenting themselves as IRS representatives send emails with subjects that allude to “Electronic Tax Return Reminder” or “Automatic Income Tax Reminder”, which certainly will pique the interest of most taxpayers.
Within these emails lies a phony link that may appear to be a legitimate IRS website, including a temporary password to access the site for more information on the return or refund. In reality, the scam results in introducing malicious malware that exposes the user’s computer to attacks that can provide accounts, passwords, and other sensitive data to the scammer.
Tax Transcript Email Scam
This transcript phishing scam – commonly known as Emotet – is especially troublesome to businesses, as when an employee falls for the premise and opens the attached file, malware is released that can spread throughout corporate networks, taking considerable time and effort to resolve the damage and remove the malware.
Masquerading as an official IRS communication or an email from a bank or other financial institution, these emails often contain a subject or attachment represented as a “tax transcript”. Naturally, the recipient opens the document to see the details, and the phishing scheme has become successful.
Other email scams reported by the IRS and other agencies include:
- Fraudulent – but authentic-looking – messages about your locked tax information, requesting to click a link to resolve the problem by entering personal information.
- Messages pretending to be from Turbo Tax, the popular tax filing software, requesting information to unlock a Turbo Tax account by clicking a link.
- Requests to update your taxpayer information, appearing to be from the IRS.
Always keep in mind that the IRS will not contact taxpayers by email requesting personal information.
How to Detect Fake Email
With a little advanced knowledge, it can often be fairly simple to see an email that is – or is likely – a phishing scam. Learn to look carefully especially at unsolicited email for tell-tale signs of fraud:
- Requests for personal information – if an email requests information or asks you to click a link to do so, that’s a red flag for email scams.
- Invalid or questionable links – consider any link in an email from an unknown source suspect. It only takes a moment of precaution to hover your mouse cursor over a link to reveal the details of the link.
- File attachments – unless it’s a known and expected source, it’s never a good idea to open a file received via email. Many phishing schemes rely on the curiosity or ignorance of users to open a file that releases malware to the victim’s computer – and to the network.
- Content – many malicious emails designed to appear as legitimate contain poorly-worded content, misspellings, and even blatant errors in formatting or images. This is a dead giveaway to report and delete the email immediately.
- Threats – official IRS communications will not contain threats. Users who receive threatening emails often panic and react by providing information or payment, or other requested terms.
What to Do – and Not Do – When You Get an Email Scam
IRS guidelines advise consumers of the best action to take when receiving an email purported to be from the IRS. This includes contacting their anti-phishing-scam alert team and reporting any monetary loss suffered to the Treasury Inspector General. This is especially important during tax season when phishing scams are at their peak.
In business, it is important to educate employees in the finer points of how to recognize email schemes, taking special caution to not click links or open attachments from unknown sources.
With the multitudes of employees working from home or remotely in recent months, it’s even more important to observe these guidelines, since phishing schemes may expose mobile systems more than those residing behind corporate firewalls or screening software.
When You’ve Fallen Victim to an Email Scheme
If you fall victim to an email scam, there are many steps to take to minimize the impact:
- If using a business account, notify your IT group of the incident immediately
- Run a thorough scan of your system for malware or virus detection
- Change your account passwords – all of them. You don’t know what account data the attack compromised.
- If you suspect revealed credit card information, cancel the card(s) and request new ones, and put a fraud alert on your accounts.
- Notify your contacts of the hack. Chances are good that the scammer has your contact information. Inform them that it may have exposed their email information, so that they can be on the lookout for scams.