With the holidays here and the 2019 filing season, the Internal Revenue Service, state tax agencies and the nation’s tax industry warned people to be on the lookout following a surge of new, sophisticated email phishing scams, the IRS announced.
Taxpayers saw many more phishing scams in 2018 as the IRS recorded a 60 percent increase in bogus email schemes that seek to steal money or tax data. These schemes can endanger a taxpayer’s financial and tax data, allowing identity thieves a chance to try stealing a tax refund.
The Internal Revenue Service, state tax agencies and the tax community, partners in the Security Summit, are marked “National Tax Security Awareness Week” Dec. 3 -7, with a series of reminders to taxpayers and tax professionals.
“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”
In the second part of the recent National Tax Security Awareness Week series, the IRS and Summit partners warned against a new influx of phishing scams.
Tax-related phishing scams reported to the IRS declined for the prior three years until a surge in 2018. More than 2,000 tax-related scam incidents were reported to the IRS from January through October, compared to approximately 1,200 incidents in all of 2017.
One recent malware campaign used a variety of subjects like “IRS Important Notice,” “IRS Taxpayer Notice” and other variations. The phishing emails, which use varying language, demands a payment or threatens to seize the recipient’s tax refund.
Taxpayers can help spot these schemes by examples of misspelling and bad grammar. Taxpayers can forward these email schemes to phishing@irs.gov.
The most common way for cybercriminals to steal money, bank account information, passwords, credit cards or Social Security numbers is to simply ask for them. Every day, people fall victim to phishing scams or phone scams that cost them their time and their cash, the IRS said in its news release.
Phishing attacks use email or malicious websites to solicit personal, tax or financial information by posing as a trustworthy organization. Often, recipients are fooled into believing the phishing communication is from someone they trust.
A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade as a legitimate source, including presenting the look and feel of authentic communications, such as using an official logo, the IRS said. These targeted messages can trick even the most cautious person into taking action that may compromise sensitive data.
The scams may contain emails with hyperlinks that take users to a fake site. Other versions contain PDF attachments that may download malware or viruses.
Some phishing emails will appear to come from a business colleague, friend or relative. These emails might be an email account compromise. Remember, criminals may have compromised your friend’s email account and begin using their email contacts to send phishing emails.
Not all phishing attempts are emails – some are phone scams. One of the most common phone scams is the caller pretending to be from the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately, usually through a debit card.