The second day of National Tax Security Awareness Week saw the Internal Revenue Service spotlight common signs of tax-related identity theft phishing scams.
As one of the most common data-security threats faced by taxpayers and tax professionals alike, phishing scams take many forms. While they can appear as an email, website, phone call, or printed letter, phishing scams tend to use similar tactics—and learning those telltale signs is one way to protect yourself.
Luckily, phishing scam basics is the focus of today’s IRS press release.
What is a phishing scam?
Phishing scams are unsolicited communications from identity thieves who want to trick you into giving them your personally identifiable information (PII) or money. As the IRS points out, “the most common way thieves steal identities is simply by asking for it.”
The basic gimmick is that identity thieves pose as a representative from an organization that you trust, like “a bank, a favorite retailer, or even a tax professional.” Fraudsters wager that you are more likely to believe the request for your Social Security Number is legitimate if it appears to come from the IRS.
What are the signs of a phishing scam?
Phishing scams tend to seem “urgent,” the IRS warns. They do this by making you believe there’s a problem that needs to be solved immediately, like paying your tax bill or updating your account information. But that’s just the hook.
To get victims to provide their PII without thinking twice, scammers tend to ask for it directly or “[instruct] the receiver to open an embedded link or download an attachment.” Links may send you to a compromised website that is designed to trick you into providing you information by filling out a form, and downloaded files can contain malware that tracks what you do on your computer—like what you type when you access your bank account.
What should I do if I receive a phishing email?
If you suspect you have received a phishing email, the IRS says you need to resist the urge to respond. Taxpayers who are more vulnerable to these urgent requests—like a someone who knows he owes money to the IRS—can contact the IRS directly via their official phone number or by “[registering] at the official IRS.gov website and [checking] their account balance.”
Once you’re confident the request is a scam, report the incident to firstname.lastname@example.org. The IRS uses this information to improve their catalogue of phishing scams, which they use to warn taxpayers about the most recent scams making the rounds. After all, it’s harder for fraudsters to trick people who are wise to their schemes.
Should I click links on social media?
Identity thieves have started posting links on social media platforms. Someone who is practices good security habits with their personal and work email might not be as cautious when they see a link on Facebook or Twitter.
The IRS has the following advice: “Do not open links from social media unless you are certain of the source.” That advice extends to every platform where you might encounter a link.
What’s next for National Tax Security Awareness Week?
Tomorrow, the IRS will cover another key aspect of data security: creating secure passwords.