Tax season can be a pain. Add a deluge of tax season scams to the mix and you’ve got yourself an anxiety attack waiting to happen. You know what they say… There’s nothing in this life certain except for taxes and phishing emails!
You can follow your local tax office guidelines to avoid rookie mistakes when filing your taxes. But if you want to avoid falling for those tax season scams, read on and follow AwareGO’s pro tips.
Why worry about tax season scams?
It’s easy to fall for tax season scams. Tax authorities are, after all, one of the few institutions that you would willingly give your personal information to and who have a legitimate reason to ask for them. Falling for an email that looks like it comes from your local tax authorities and claims that there are issues with your taxes is not that uncommon.
Filing taxes is stressful and when we are stressed we are more likely to make mistakes. It doesn’t help that most of us are not trained to file taxes so we are often unsure and worried that we’ve done it incorrectly. We are hoping to get as much refund as possible. A refund means money and money means that scammers will try to take advantage of the situation. It’s as simple as that.
Cyber criminals know this is a confusing and stressful time for all and they are ready to exploit it. What they’re after is your information for identity theft and most often they will use phishing emails to get it. If you think that this couldn’t happen to you, think again! Every year 15 million Americans fall victim to identity theft. That’s every year! What’s worse is that these identity thieves almost never get caught. We must all remain vigilant!
How are tax season scams done?
Tax season scams occur when someone uses your stolen personal information, including your Social Security number, to file a tax return claiming a fraudulent refund. The most common method that hackers use to get the information they need is through phishing. After all, phishing is the bread and butter of all cyber crimes. For some Phishing 101 you can visit our dedicated phishing page.
Tax season scams come in many forms. Scammers are looking to steal tax documents, file fraudulent returns in their victim’s names or even extort payment with false threats of action on behalf of tax authorities due to outstanding tax bills.
Scammers may send emails (Phishing) or call over the phone (Vishing aka Voice Phishing) claiming to be tax agents, government employees or debt collectors. They will demand payment for taxes, fees or penalties that you don’t owe. This has earned them millions of dollars over the years and they have no reason to stop while we keep falling for it.
A good thing to know is that your tax authorities will never demand immediate payment, threaten, ask for financial information over the phone or call you or email about an unexpected refund. Also, they will not ask you for credit card details (such as your credit card number and CVV).
Scare tactics are very common in tax season scams. Scammers will claim that you have broken the law or missed a deadline and demand that you act “right now”. This is a very good indication that you are being scammed as government agencies rarely work in this fashion. The same goes for promises of riches, aka refunds. Scammers know that people in general can feel intimidated when dealing with governmental agencies and tend to react quickly. The trick is to stay calm and go right to the source (type in the official website URL or call the listed phone number) to double-check the information. You should always do that, even if it takes a little more time than the deadline allows.
Scams to watch out for
Cyber criminals use seasonal and global events to create plausible phishing messages. This can be related to news of disasters like earthquakes or weather phenomenon, global pandemics or other big events. It is also related to seasonal events like the Holidays, summer vacations and, you guessed it, tax season!
We foresee a considerable uprise in scams that revolve around both taxes and Covid-19 for this tax season. Millions of people are out of work and receiving unemployment benefits for the first time. These are unusual and global circumstances and scammers are sure to take advantage of people’s confusion, worries and lack of experience in dealing with government services. Scammers may try to file for benefits on people’s behalf or send phishing emails promising Covid-19 support to get their hands on personal information.
The latest tax season scams in the US are emails impersonating the IRS to steal Electronic Filing Identification Numbers. Scammers have also been known to put up full-blown tax websites that mimic the real ones and ask for personal information and banking details, such as credit card numbers and CVV numbers. After taking you through this process these fraudulent sites might even redirect you to the official tax office home page and wipe out your browsing history. Make sure to only visit legitimate websites by typing the address into your browser when looking for information about filing taxes and getting refunds. Your local tax authorities are sure to offer guidelines and warnings of identity theft.
How to spot phishing emails
Over 90% of all successful cyber-attacks, including tax season scams, start with a phishing email. These days, phishing goes beyond emails and into instant messages as well like WhatsApp, Viber, Facebook Messenger and even good old text messages and regular mail (the type that has stamps on it).
Fraudulent messages from hacked friends or faked accounts of known businesses such as Amazon, your local postal service or the tax authorities can appear on your phone. Scammers are active all year round and can get very creative. They find new ways and messages to try and trick people every day.
Here are some easy AwareGO tips to avoid regular and tax season phishing scams:
- Be extra careful about attachments in emails
Phishing emails have either fake links or malicious attachments. If you get an email from an unknown sender, even your tax authorities, with an attachment, chances are it could be malware. You should also think twice before opening attachments from known senders.
- Hover over links in emails
Fake links come in many forms. Sometimes they look like legitimate web URLs but when you hover over them with your mouse the real URL is displayed, which is where you’re really going. In other cases there might be a slight misspelling in the URL to throw you off. For instance, could you quickly spot the difference between IRS.gov and lRS.gov?
- Double check the sender’s address.
Hackers can disguise their email address and make it look like the email is coming from a legitimate sender. It can be an institution or a known business or even someone you know. If you click the email address or hover over it, the real sender’s address will be revealed.
- Do not respond to threats in emails. Ever!
Any legitimate service you might have, or an institution you are registered at, would never send you an email threatening to close your account or penalize you with only a few hours’ notice. Scaring people into action is a hacking method and it works.
- Remember that phishing can be done without emails
Scammers can use instant messaging, social media posts and even the telephone and regular mail to try and scam you for your personal information. Be careful about who you give your sensitive information too.
- Make double-checking emails a habit
An email doesn’t have to look “phishy” for you to do an inspection of it. Make it a habit to go through these steps for any and all emails, messages and phone calls that require some sort of reaction on your behalf. Check out AwareGO’s 52 Shades of Cybersecurity for more great cyber secure habits.
Awareness training for tax season scams and phishing
Well trained people are the best defense against cyber-attacks and tax season scams. Good security awareness training doesn’t just make businesses more secure, it makes people more secure in their private lives and that’s important too. This is AwareGO’s specialty! We help businesses and institutions train their employees in cybersecurity and how to avoid attacks and data leaks.
We offer several ready-made training programs, one of which is our Phishing training programs. It is designed to teach employees how to recognize phishing emails and to be vigilant when it comes to all emails and attachments.
The program has 12 awareness training videos with additional reading and quizzes. The subjects cover phishing, vishing, spear phishing, CEO scams, spyware, MS Office attachments and more. Each subject only takes 2-3 minutes to finish. We recommend delivering the training over a four-week period or even more, to keep the message fresh in people’s mind.