The Internal Revenue Service is warning taxpayers to avoid identity theft by watching for phishing scams that typically increase around the tax season.
The IRS says the easiest way for an identity thief to steal taxpayer information is by simply asking for it. Victims fall for phishing scams through emails, texts, or phone and mistakenly turn over important data.
The IRS saw a 400 percent surge in phishing and malware incidents during the 2016 tax season.
Phishing scams ask taxpayers about a wide range of topics. Emails can seek information related to tax refunds, filing status, confirming personal information, ordering transcripts, verifying PIN information and asking people to call their tax software account.
The Internal Revenue Service and its Security Summit partners campaign calls for taxpayers take the time to examine, identify and avoid emails that:
- Contain a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. These scams may claim they need the recipient to update their account or request they change a password. The email offers a link to a spoofing site that may look similar to the legitimate official website. Taxpayers should follow a simple rule: Don’t click on the link. If in doubt, they should go directly to the legitimate website to access the account.
- Contain an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto the recipient’s computer without their knowledge. If it is spyware, it can track the recipient’s keystrokes to obtain information about their passwords, Social Security number, credit cards or other sensitive data. Remember, taxpayers shouldn’t open attachments from unknown sources.
- Are from a “government” agency or “financial institution.” Scammers attempt to frighten people into opening email links by posing as government agencies, financial institutions, and even tax companies. Thieves often try to imitate the official organizations, especially tax-related ones during the filing season.
- Are from a “friend.” Scammers also hack email accounts and try to leverage the stolen email addresses. Recipients may receive an email from a “friend” that just does not seem right. It may be missing a subject for the subject line or contain odd requests or language as the underlying content. If the email seems “odd,” taxpayers should avoid clicking on any links or opening attachments.
- Contain a false “lookalike” URL. The sending email may try to trick the recipient with the URL or web address. For example, instead of www.IRS.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com. To verify the authenticity, a recipient can place their cursor over the text to view a pop-up of the real URL.
Learning to recognize and avoid phishing emails - and sharing that knowledge with family members - is critical to combating identity theft and data loss.