Protect Yourself from Tax Fraud
By Todd Miller, Information Security Officer
At this time of year, it’s especially important to be aware of tax fraud scams. Criminals posing as the IRS or other tax officials gather sensitive information to impersonate their victims and file fraudulent tax returns. Sometimes these criminals use data that was already compromised, such as information from the Equifax breach, but much of the data is collected through phishing. In 2018, there was a 60% increase in phishing scams involving money or tax data theft. Being mindful of their tactics can help you protect yourself from becoming a tax fraud victim.
The IRS will not:
- Initiate contact by phone, email, text message, or social media without sending an official letter in the mail first.
- Call to demand immediate payment over the phone using a specific payment method, such as debit or credit card, a prepaid card, a gift card, or a wire transfer.
- Threaten you with jail or lawsuits for non-payment.
- Demand payment without giving you the opportunity to question or appeal the amount they say you owe.
- Request any sensitive information online, including PIN numbers, passwords, or similar information for financial accounts.
Protect yourself from IRS scams by doing the following:
- File your taxes as soon as possible.
- Be wary of calls, texts, emails, or websites asking for personal information, tax data, or payment information.
- If someone claiming to be from the IRS calls you, use caution by ending the call. Remember, the IRS will always first contact you by postal mail.
- Always contact organizations through their publicly-posted service line and not a number a questionable caller provides.
- Don’t click on links in emails or text messages. Always type the verified real website address in your browser.
- Don’t open attachments from unsolicited emails or text messages. They may contain harmful malware.
- Only conduct financial business over trusted sites and networks. Use caution when using public, guest, free, or insecure Wi-Fi networks. Consider a Virtual Private Network (VPN).
- Use strong, unique passwords for all your accounts and protect them. If compromised, a reused or shared password could grant criminals access to multiple accounts.
- Shred all documents containing confidential and financial information.
- Check your financial account statements and credit report regularly for unauthorized activity.
- If you receive a suspicious email at work, report it according to your organizational policy. If you receive a suspicious personal email, you are encouraged to send it as an attachment to firstname.lastname@example.org.